General
Target: Request For Quotation_pdf.scr
Size: 1.2MB
Sample: 210113-3rtbn7h6fs
MD5: a9125d57b0d4162e7da34d6b8c10836f
SHA1: 56bcb534abe3e5111b07b4f502b647fb5584b905
SHA256: 4f84f23b927e4a2f6f64d0c824777c1e0edb05f8f83a662ef59617793582cfb6
SHA512: 430731a8792d27fac18be517bb200a514cc8b7d72e90d0bdfcd630ba85600c46633f13b3499eea0993573122c07dd5015fc2318b7e13dbed9495222822d6930d
Static task: static1
Behavioral task: behavioral1
  Sample: Request For Quotation_pdf.scr
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Request For Quotation_pdf.scr
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.ru
  Port: 587
  Username: diamondraylog@yandex.ru
  Password: tonyelo000@
Targets
Target: Request For Quotation_pdf.scr
Size: 1.2MB
MD5: a9125d57b0d4162e7da34d6b8c10836f
SHA1: 56bcb534abe3e5111b07b4f502b647fb5584b905
SHA256: 4f84f23b927e4a2f6f64d0c824777c1e0edb05f8f83a662ef59617793582cfb6
SHA512: 430731a8792d27fac18be517bb200a514cc8b7d72e90d0bdfcd630ba85600c46633f13b3499eea0993573122c07dd5015fc2318b7e13dbed9495222822d6930d
Score: 10/10

AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.

Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and similar secrets.