General
- Target: Request For Quote document.exe
- Size: 294KB
- Sample: 240917-cszzrszfkj
- MD5: 9fe3c4fe210d4dbcbcd600a0f3bafa8e
- SHA1: 0abb32cb963fdf10289f5a5c308a1be7eeb6bfcb
- SHA256: 22d69380285b3ae54c3ab153d36152c70a1d40e5e860ccb962ac564c86a6cdb4
- SHA512: 26d6b9b7f3dfc3c3d1741748234d1e155a424bd8dbfa6d40c658637c95a8c4646e9002c230f8fe04c26fb19fa3803bd9b00f36a7a1666b8007abe955b496f797
- SSDEEP: 6144:giISBtWm7kQgIjRs6HcKBlVMrfuQK7Rq9e1+fnIE3mfHbHI5Cj604zhMBr1:gctWm7kQgIjRs6HcKBlarfuQK7Rq9u+m
Static task: static1
Behavioral task: behavioral1
- Sample: Request For Quote document.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: Request For Quote document.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: 162.254.34.31
- Port: 587
- Username: [email protected]
- Password: M992uew1mw6Z
- Email To: [email protected]
Targets
- Target: Request For Quote document.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers: malicious access to, or copying of, a web browser credential store.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext