General
Target: RFQ.zip
Size: 400KB
Sample: 210226-j65b34hdps
MD5: 0b0273bc88bc76517b09cf7831739f54
SHA1: dd23beedf72c20bc879943a4d7c6db78b8d8dc3b
SHA256: 7eafd68528456b8716f600f930244a127395599274ed708ed8f02e6e7a68f373
SHA512: 7ded414a99c8571fd870d65ba3d3ec331865f0cddc683ee6d3e94609465ec5041ec583960f3333e344aef8bf7530aab845054731fb0059f51496e400d195aa9e
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: RFQ.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
C2: https://api.telegram.org/bot1430995407:AAHXagqOb3lOiloF-tdsg1GOLPStlDuzDNw/sendDocument
Targets
Target: RFQ.exe
Size: 519KB
MD5: 59addf908576fc93f44a53596bfd79b6
SHA1: b62ffb71adbe02aa75fec583d3b9e68f16b6acfa
SHA256: ce45f8e14c6ad2c325d7b4037dbcdc5f3308a9e9aec290ed9b91809054a4a4b8
SHA512: 8d97a7abade54313e896f6725fe2aa76fb2bec30ccf4d1bceed218cd8fe711bc5b53627bd4a080380f97e198f16fd466e6ef1a8d50cc2942cbe18252400fccbc
Score: 10/10
Signatures:
  AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  AgentTesla Payload
  Suspicious use of SetThreadContext