General
- Target: RFQ pdf.tar.gz
- Size: 408KB
- Sample: 210226-7wefgqxnw2
- MD5: 677f7c3940ef835ff36bb7ac948bf805
- SHA1: ae06c4ce12b656be056cc366b4661cd84b19d674
- SHA256: ea14b2f05572c2086fbede5fde7c6b94b4f9a2d378680c656510f32bd1445e39
- SHA512: 63c3053b7f9afa6bb6a99346a9a09fc721b463e7e2c55a7de601e0c23a2e61fcf7681e397df3ec3bf6f90572e54b9c27502d479bc7924929f4e48ceb8ec7d271
Static task
- static1

Behavioral task
- behavioral1
  - Sample: RFQ pdf.exe
  - Resource: win7v20201028

Behavioral task
- behavioral2
  - Sample: RFQ pdf.exe
  - Resource: win10v20201028
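The report lists an archive (RFQ pdf.tar.gz, 408KB) wrapping the actual sample (RFQ pdf.exe, 527KB), a classic double-extension lure. The following is an added example, not code from the sandbox or the report: it recomputes the digests the report lists, compares them with the reported values, and lists the archive's members without extracting them, flagging executable lures and members that would escape the extraction directory. The real archive is not reproduced here; build_demo_archive() constructs a stand-in tar.gz in memory with dummy bytes so the code runs offline. Only the inner file name and the hash values are taken from the report; the document-type tokens in EXECUTABLE_SUFFIXES and suspicious_name() are this example's own heuristic.

```python
"""Added example (not from the sandbox report): verify reported digests and
inspect the .tar.gz wrapper of a sample without unpacking it."""
import hashlib
import io
import posixpath
import tarfile

# Digests copied from the report's "Targets" entry for RFQ pdf.exe.
REPORTED_EXE = {
    "md5": "0835d407446f230b2118ba9f5a0d76d0",
    "sha1": "6629c2d479fff511f903bf7a6489dd67f82e8bae",
    "sha256": "80622d6bf536ca1e21f411864d3c4af7f4ebded98ea3aeeb6c99b964b247e3ca",
}

# Heuristic (assumption, not from the report): a "document" name ending in an
# executable suffix is the lure pattern seen in 'RFQ pdf.exe'.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".dll")
DOCUMENT_TOKENS = ("pdf", "doc", "xls", "jpg", "invoice", "rfq")


def digests(data: bytes) -> dict:
    """Hex digests for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def mismatched_digests(data: bytes, expected: dict) -> list:
    """Names of algorithms whose computed digest differs from the reported one.

    An empty list means the bytes on disk are the bytes the report analysed.
    """
    actual = digests(data)
    return [name for name, value in expected.items()
            if actual.get(name, "").lower() != value.lower()]


def suspicious_name(name: str) -> bool:
    """True for double-extension lures such as 'RFQ pdf.exe'."""
    base = posixpath.basename(name).lower()
    return base.endswith(EXECUTABLE_SUFFIXES) and any(tok in base for tok in DOCUMENT_TOKENS)


def inspect_archive(data: bytes) -> dict:
    """List tar.gz members without extracting anything.

    Members with absolute paths, '..' components or link entries could write
    outside the extraction directory, so they are reported separately.
    """
    report = {"members": [], "unsafe_paths": [], "executables": []}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar.getmembers():
            norm = posixpath.normpath(member.name)
            escapes = member.name.startswith("/") or norm.startswith("..")
            if escapes or member.islnk() or member.issym():
                report["unsafe_paths"].append(member.name)
            if suspicious_name(member.name):
                report["executables"].append(member.name)
            report["members"].append((member.name, member.size))
    return report


def build_demo_archive() -> bytes:
    """Constructed stand-in for 'RFQ pdf.tar.gz': one member named like the
    report's inner sample, filled with dummy bytes (not the real malware)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        payload = b"MZ" + b"\x00" * 62  # fake DOS header, 64 bytes total
        info = tarfile.TarInfo(name="RFQ pdf.exe")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    archive = build_demo_archive()
    print(inspect_archive(archive))
    # The demo bytes are not the real sample, so every reported digest differs.
    print(mismatched_digests(archive, REPORTED_EXE))
```

Run the two functions against the real files before doing anything else with a submitted sample: a digest mismatch means the report describes a different file, and an entry in unsafe_paths means the archive must not be unpacked with a plain extractall().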
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.hermanusbearings.co.za
- Port: 587
- Username: [email protected]
- Password: $Victory2019$
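The extracted configuration shows the exfiltration channel: Agent Tesla sends the stolen data as e-mail over SMTP submission (port 587) to the listed host. The block below is an added example, not code from the sandbox or the report: it turns that configuration into network indicators, renders a Suricata DNS rule for the host, and runs a simple detection over connection-log lines. Only the host, port and protocol come from the report's Malware Config block; the credentials are deliberately not repeated because detection does not need them. The log format (timestamp, source host, destination host, destination port, protocol, whitespace-separated) and the log lines themselves are constructed for the example, and the rule sid is a placeholder.

```python
"""Added example (not from the sandbox report): IOCs and a connection-log
detection derived from the extracted Agent Tesla SMTP configuration."""
import re
from typing import Iterable

# Values from the report's Malware Config block (credentials omitted).
EXTRACTED_CONFIG = {
    "family": "agenttesla",
    "protocol": "smtp",
    "host": "mail.hermanusbearings.co.za",
    "port": 587,
}

# Constructed log format: ts src dst dport proto (not a real tool's format).
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>\S+)$")

# Constructed sample connection log, not taken from the sandbox run.
SAMPLE_LOG = """\
2021-02-26T08:01:12Z ws-042 mail.hermanusbearings.co.za 587 tcp
2021-02-26T08:01:13Z ws-042 smtp.office365.com 587 tcp
2021-02-26T08:02:00Z ws-017 MAIL.HERMANUSBEARINGS.CO.ZA 587 tcp
2021-02-26T08:02:05Z ws-017 update.example.net 443 tcp
malformed line
"""


def iocs(config: dict) -> dict:
    """Network indicators worth blocking or alerting on."""
    return {
        "domain": config["host"].lower(),
        "dst_port": int(config["port"]),
        "protocol": config["protocol"],
    }


def suricata_rule(config: dict, sid: int) -> str:
    """Render a Suricata rule that alerts on a DNS lookup of the exfil host.

    DNS is used rather than the SMTP flow itself so the rule still fires
    when the session is upgraded to TLS with STARTTLS. 'sid' is a
    placeholder the caller picks from its local rule range (assumption).
    """
    return (f'alert dns $HOME_NET any -> any any '
            f'(msg:"AgentTesla exfil host lookup {config["host"]}"; '
            f'dns.query; content:"{config["host"]}"; nocase; '
            f'sid:{sid}; rev:1;)')


def match_events(lines: Iterable[str], config: dict) -> list:
    """Return (timestamp, source) for every connection to the exfil host.

    Hostname matching is case-insensitive and the configured port is
    required, so legitimate mail submission to other providers on 587 is
    not flagged. Lines that do not parse are skipped, not fatal.
    """
    ind = iocs(config)
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        if m["dst"].lower() == ind["domain"] and int(m["dport"]) == ind["dst_port"]:
            hits.append((m["ts"], m["src"]))
    return hits


if __name__ == "__main__":
    print(iocs(EXTRACTED_CONFIG))
    print(suricata_rule(EXTRACTED_CONFIG, sid=9000001))
    for ts, src in match_events(SAMPLE_LOG.splitlines(), EXTRACTED_CONFIG):
        print(f"{ts} {src} contacted the Agent Tesla exfil host")
```

Matching on the destination host plus port rather than on port 587 alone is the point: 587 is the normal mail-submission port, so a port-only rule would page on every legitimate mail client.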
Targets
- Target: RFQ pdf.exe
- Size: 527KB
- MD5: 0835d407446f230b2118ba9f5a0d76d0
- SHA1: 6629c2d479fff511f903bf7a6489dd67f82e8bae
- SHA256: 80622d6bf536ca1e21f411864d3c4af7f4ebded98ea3aeeb6c99b964b247e3ca
- SHA512: 6633ac50c911cc578da47a0374b6bd2ec205990a5ee718fb1412291247f717a304d230fecb877b9316a9c095fc74b61bf69158e5dbca696656fe6d2851aa97d1
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic).
- AgentTesla Payload
- Suspicious use of SetThreadContext
  Setting another process's thread context is a common step in process hollowing and similar code injection; on its own this is a heuristic indicator, and here it is corroborated by the extracted Agent Tesla configuration.