General

Target: RFQ (4500387063).exe
Size: 430KB
Sample: 200630-fxzb4zrcy2
MD5: a4cb84ddf99fb30ce17fd21b6e1c28a5
SHA1: 9662ed80dbe678c1559ffc54285f5664ed630894
SHA256: 16b611f0a2868d31b7d562b76fff4fb282da38d1d24838921631544cea1086e4
SHA512: 4b48e9d15c4cbabc4ba0c3cd9d5c477de37cd1f5e0b8e9627de26edc5423ef3b7acdc6ddb19a1c0a2df19cce740c0c65d16922f885187f557df193664429f344
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: RFQ (4500387063).exe
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: RFQ (4500387063).exe
  Resource: win10
Malware Config

Extracted family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: petersonhouston@yandex.com
Password: faith12AB
Targets

Target: RFQ (4500387063).exe (size and hashes as listed under General)
Score: 10/10

Signatures:
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext