General
Target: RFQ.exe
Size: 519KB
Sample: 210226-pclqynk14s
MD5: 59addf908576fc93f44a53596bfd79b6
SHA1: b62ffb71adbe02aa75fec583d3b9e68f16b6acfa
SHA256: ce45f8e14c6ad2c325d7b4037dbcdc5f3308a9e9aec290ed9b91809054a4a4b8
SHA512: 8d97a7abade54313e896f6725fe2aa76fb2bec30ccf4d1bceed218cd8fe711bc5b53627bd4a080380f97e198f16fd466e6ef1a8d50cc2942cbe18252400fccbc
Static task: static1
Behavioral task: behavioral1 (Sample: RFQ.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: RFQ.exe, Resource: win10v20201028)
Malware Config
Extracted (agenttesla): https://api.telegram.org/bot1430995407:AAHXagqOb3lOiloF-tdsg1GOLPStlDuzDNw/sendDocument
Targets
Target: RFQ.exe (519KB; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
Score: 10/10
Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext