General

Target: RFQ-Powertech Controls Co, Inc.exe
Size: 529KB
Sample: 201109-9fkmx7j4l2
MD5: 7bf4cb7edeedb6c539eb0beaf28371a7
SHA1: 96971e2fb4d5ea354cf03925a7b8fd47dd346b1b
SHA256: 5d100d55c4d2acf92f6f690e546c5a0e7ad6750520809a3f226783d99623aed7
SHA512: 8b648a440206196618fb46d10076d0bdd3e2cf91a421cc7b1b3cf826005111e04b15dcab6d56d33272904b4257ecb6809f21fa2c1b0dbdaf566a29662ae7c919
Behavioral task: behavioral1
Sample: RFQ-Powertech Controls Co, Inc.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: RFQ-Powertech Controls Co, Inc.exe
Resource: win10v20201028
Malware Config

Extracted: agenttesla (the same configuration was extracted twice, once per behavioral task)
Protocol: smtp
Host: mail.alvadiwipa.com
Port: 587
Username: murti@alvadiwipa.com
Password: glodokplaza15

These are the operator's exfiltration settings embedded in the sample: harvested credentials and keystrokes are sent as mail through mail.alvadiwipa.com over SMTP submission (port 587), authenticating as murti@alvadiwipa.com. Treat the host, account and password as indicators for hunting and for clustering other samples from the same operator; the credentials are evidence, not something to log in with.
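The block below is an added example, not part of the sandbox report. It parses the report's line-wrapped "Key: value - Key: value" config text into a structured object and then runs it as detection logic over a few constructed network-log lines (the log format, the hostname DESKTOP-3X9K and the documentation address 192.0.2.10 are assumptions for illustration). Three indicators from the extracted config are checked: the mail host anywhere in a line, the exfil account in clear text, and an SMTP AUTH LOGIN/PLAIN token that base64-decodes to the account.

```python
import base64
import re
from dataclasses import dataclass

# The extracted configuration exactly as the report prints it: wrapped across
# lines, fields separated by " - " (sometimes without the leading space).
RAW_CONFIG = """Protocol: smtp- Host:
mail.alvadiwipa.com - Port:
587 - Username:
murti@alvadiwipa.com - Password:
glodokplaza15"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_agenttesla_smtp_config(raw: str) -> SmtpExfilConfig:
    """Turn the report's wrapped 'Key: value - Key: value' block into fields."""
    flat = " ".join(line.strip() for line in raw.splitlines())
    # A value runs until the next '- Key:' separator or the end of the string.
    # Caveat: a password containing ' - Word:' would be cut short by this rule.
    pairs = re.findall(r"(\w+):\s*(.*?)\s*(?=-\s*\w+:|$)", flat)
    fields = {key.lower(): value for key, value in pairs}
    return SmtpExfilConfig(
        protocol=fields["protocol"],
        host=fields["host"],
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def _b64_contains(token: str, expected: str) -> bool:
    """True if the base64 token decodes to bytes containing `expected`.

    AUTH LOGIN sends base64(username); AUTH PLAIN sends base64(\\0user\\0pass),
    so a containment check covers both.
    """
    try:
        return expected.encode() in base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error (bad alphabet / padding) is a ValueError
        return False


def find_exfil_indicators(cfg: SmtpExfilConfig, log_lines: list[str]) -> list[tuple[str, str]]:
    """Return (reason, line) for each log line matching the extracted SMTP config."""
    hits = []
    for line in log_lines:
        lowered = line.lower()
        if cfg.host.lower() in lowered:
            hits.append(("c2-host", line))            # DNS, SNI or connection log
        elif cfg.username.lower() in lowered:
            hits.append(("exfil-account", line))      # e.g. MAIL FROM:<account>
        elif re.search(rf"->\s*\S+:{cfg.port}\b", line):
            hits.append(("c2-port", line))            # weak: any connection to the submission port
        else:
            m = re.search(r"AUTH\s+(?:LOGIN|PLAIN)\s+(\S+)", line, re.IGNORECASE)
            if m and _b64_contains(m.group(1), cfg.username):
                hits.append(("exfil-account-b64", line))
    return hits


# Constructed sample lines in the style of a sandbox network log (not from the
# report). 192.0.2.10/.20 are documentation addresses standing in for resolved hosts.
SAMPLE_LOG = [
    "dns query A mail.alvadiwipa.com",
    "tcp 10.0.2.15:49812 -> 192.0.2.10:587 established",
    "smtp C: EHLO DESKTOP-3X9K",
    "smtp C: AUTH LOGIN " + base64.b64encode(b"murti@alvadiwipa.com").decode(),
    "smtp C: MAIL FROM:<murti@alvadiwipa.com>",
    "tcp 10.0.2.15:49813 -> 192.0.2.20:443 established",
]

if __name__ == "__main__":
    config = parse_agenttesla_smtp_config(RAW_CONFIG)
    for reason, line in find_exfil_indicators(config, SAMPLE_LOG):
        print(f"{reason:18} {line}")
```

The port-only match is deliberately reported under its own reason so it can be down-weighted: any mail client talks to port 587, while the host name and the account are specific to this operator.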
Targets

Target: RFQ-Powertech Controls Co, Inc.exe
Score: 10/10

AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; this sample's exfiltration settings are the SMTP configuration listed under Malware Config.

AgentTesla Payload
Suspicious use of SetThreadContext (SetThreadContext is how a loader redirects the main thread of a process it created suspended into code it has written there, the process-hollowing pattern; debuggers and some runtimes also call it, which is why the signature is rated suspicious rather than conclusive on its own)
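The block below is an added example, not part of the sandbox report and not the sandbox's own signature logic. It shows why SetThreadContext on its own is only "suspicious": the function walks a per-process API trace (the trace format, field names and pids are constructed for illustration) and reports a finding only when the full hollowing chain is seen against the same child, i.e. a process created with CREATE_SUSPENDED, memory written into it by its creator, its thread context rewritten, and the thread resumed. A lone SetThreadContext, as a debugger would issue, is not flagged.

```python
from dataclasses import dataclass
from typing import Optional

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit documented for CreateProcess


@dataclass(frozen=True)
class ApiCall:
    """One entry of an API trace as a sandbox might record it (constructed schema)."""
    caller_pid: int
    api: str
    target_pid: Optional[int] = None  # child pid for CreateProcess*, handle owner otherwise
    flags: int = 0                    # dwCreationFlags for CreateProcess*, else 0


def detect_process_hollowing(trace: list[ApiCall]) -> list[dict]:
    """Flag suspended children whose memory and thread context are rewritten before resume.

    Only the creating process is tracked as the injector (an assumption that fits the
    common loader pattern); writes from a third process are ignored here.
    """
    pending: dict[int, dict] = {}  # child pid -> stages observed so far
    findings = []
    for call in trace:
        if call.api.startswith("CreateProcess") and call.flags & CREATE_SUSPENDED:
            pending[call.target_pid] = {"parent": call.caller_pid, "written": False, "ctx": False}
            continue
        st = pending.get(call.target_pid)
        if st is None or call.caller_pid != st["parent"]:
            continue
        if call.api in ("WriteProcessMemory", "NtWriteVirtualMemory", "NtMapViewOfSection"):
            st["written"] = True
        elif call.api in ("SetThreadContext", "NtSetContextThread") and st["written"]:
            st["ctx"] = True          # entry point now points at the injected image
        elif call.api in ("ResumeThread", "NtResumeThread") and st["ctx"]:
            findings.append({"parent": st["parent"], "child": call.target_pid})
            del pending[call.target_pid]
    return findings


# Constructed trace: pid 1234 hollows its suspended child 4321, while pid 777
# (a debugger-like process) calls SetThreadContext on its own thread only.
SAMPLE_TRACE = [
    ApiCall(1234, "CreateProcessW", target_pid=4321, flags=CREATE_SUSPENDED),
    ApiCall(1234, "NtUnmapViewOfSection", target_pid=4321),
    ApiCall(1234, "WriteProcessMemory", target_pid=4321),
    ApiCall(1234, "WriteProcessMemory", target_pid=4321),
    ApiCall(1234, "SetThreadContext", target_pid=4321),
    ApiCall(1234, "ResumeThread", target_pid=4321),
    ApiCall(777, "SetThreadContext", target_pid=777),
    ApiCall(1234, "CreateProcessW", target_pid=5555, flags=0),  # not suspended: ignored
    ApiCall(1234, "WriteProcessMemory", target_pid=5555),
]

if __name__ == "__main__":
    for f in detect_process_hollowing(SAMPLE_TRACE):
        print(f"process hollowing: pid {f['parent']} -> child pid {f['child']}")
```

Ordering matters: a SetThreadContext that precedes any write into the child does not complete the chain, and a ResumeThread without a preceding context change is just a normal start of a suspended process.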