Overview

overview

10

Static

static

RFQ.exe

windows7_x64

7

RFQ.exe

windows10_x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    RFQ.exe

  • Size

    559KB

  • Sample

    200716-rc23qpy6mj

  • MD5

    7e62c5ed8c54d09ab424814681b2384f

  • SHA1

    7fac903f9a95f97f694150c159da7340dcc5b3d3

  • SHA256

    067b9d06a47a9ca284129833cf4d79dae27bb36c6bccef4bb6ef01bd649db763

  • SHA512

    37a0c727d3d6119b4208f938ea2505c8fff9a094dcb173168fd041eb28812aa02a1f7e66dadf178f24a182c2717c8645a923565834a29e12d33f081d44577f96

Score
10/10
spyware

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @jaffinmarknma@344

Targets

    • Target

      RFQ.exe

    • Size

      559KB

    • MD5

      7e62c5ed8c54d09ab424814681b2384f

    • SHA1

      7fac903f9a95f97f694150c159da7340dcc5b3d3

    • SHA256

      067b9d06a47a9ca284129833cf4d79dae27bb36c6bccef4bb6ef01bd649db763

    • SHA512

      37a0c727d3d6119b4208f938ea2505c8fff9a094dcb173168fd041eb28812aa02a1f7e66dadf178f24a182c2717c8645a923565834a29e12d33f081d44577f96

    Score
    10/10
    spyware

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spyware

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks