General
Target: 17062024_1644_17062024_RFQ PO87363839.pdf.tar
Size: 601KB
Sample: 240617-t8y6vawclf
MD5: 9bc0e53867657dfb2b3eb6a7e85ae866
SHA1: df69f2ee2952fbeaaa841e20186f569ab8d71eae
SHA256: 8c8c93a70dc50d109b63cac33e5d9311413f5266e567aab6d8b60c5eb184df95
SHA512: 5dc438c1af6527736c3ca24b43e83b95a3043cd5faf9482599b1b18f47ab24f27e0fd2defa337a988eab0cf93a45cedcd44e06df007d4885bc703394d1aaa106
SSDEEP: 12288:/Cjnx1cBtVLoUwEJLhmJtwfG3ApSudG9Bsm3jWgGW7X1ueE2/TH7:G7cPVLbJatwDd4Bs+W3UjH7
Static task: static1
Behavioral task: behavioral1
Sample: RFQ PO87363839.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: RFQ PO87363839.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.annapurnabhaskari.com
Port: 587
Username: [email protected]
Password: krishna@123
Email To: [email protected]
Extracted
Protocol: smtp
Host: smtp.annapurnabhaskari.com
Port: 587
Username: [email protected]
Password: krishna@123
Targets
Target: RFQ PO87363839.exe
Size: 636KB
MD5: c65224275a8be8b8da70214438fa5b32
SHA1: a09d680e0911635ddb9372cf785141a567089855
SHA256: aca5900b486ee6d687609c026cff2d3c405992566f9a9f9bd355ca1c81ee7b65
SHA512: b54517c1d8daaa4715cf93274ae9d473df1024767737b005c14503b1a31c5569787a7cc178558e8549baabfb2e762a9495ae1fb71bd4351732277ac80db9d0ed
SSDEEP: 12288:Is/iFIsPAb/z/OHXK0eNUQyEszajH7LrCEp3AaKy0OCnzOSRfJD5dXsAM3hDT/:lkIKybm3KbNb7LrCEp3AadCnzOAD5xsZ
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext