General
- Target: RFQ-034.scr
- Size: 57KB
- Sample: 210408-3w3lpgbgaa
- MD5: 0b0714c8f6fae9579ff074872cf987de
- SHA1: 847dc02d0c9d80c0eea7047a0fc85457ffd2cbb4
- SHA256: c3528956666ac901c406c13e9b265cb805424e91919db91a1fe2227ffbc15c7a
- SHA512: 4edcecfced136a1bb0d376b9b1a2b607fed248c838e820faea53cb06323b8138ff4415b6bbd311ef75d7de13f70cd1e77c6bfe3fd1ab07f6f28d601bf29bd2e5
Static task: static1
Behavioral task: behavioral1
- Sample: RFQ-034.scr
- Resource: win7v20201028
Malware Config
Extracted family: agenttesla
- Protocol: smtp
- Host: mail.guangijpharm.com
- Port: 587
- Username: morale@guangijpharm.com
- Password: blessmegod@77
Targets
- Target: RFQ-034.scr
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Turns off Windows Defender SpyNet reporting
- AgentTesla Payload
- Nirsoft
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL