General
Target: REQUEST FOR OFFER.exe
Size: 847KB
Sample: 210223-s2g8advjne
MD5: 0fc3feecc0164c588f7afab6e51d566b
SHA1: 60115fc27261ecf866c1900d3d5f59520a2ab65a
SHA256: b5a2fbfeb80e2e92039a23615df8b8f63f42d1331528f514b312d4946dc22607
SHA512: 1e01b97a415c25408ffa99c1811c9861b0e3857b55f7ef951c28edf64f79b6c440cf7bcc3a0240c7db4400a980e9ed85d2988e036b99aea3d9027037b7ef61d5
Static task: static1
Behavioral task: behavioral1
  Sample: REQUEST FOR OFFER.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: REQUEST FOR OFFER.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.cumjtas.com
Port: 587
Username: velikarakus@cumjtas.com
Password: Brave123
Targets
Target: REQUEST FOR OFFER.exe
Size: 847KB
(MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures:
  AgentTesla Payload
  Executes dropped EXE
  Loads dropped DLL
  Adds Run key to start application
  Suspicious use of SetThreadContext