General
- Target: _RFQ12_AMD20200422.rar
- Size: 563KB
- Sample: 210423-9ec3wn6qf6
- MD5: 213122df1b31334e57b3b18c0feb5162
- SHA1: bbd048d453264a7d20dcb75a660cbdc758831abc
- SHA256: 5bc6c8848174187f2b4ef2a36356edd96e3d6f438d7bb0009825fc3b8a937cc1
- SHA512: 5d2106d426f1946d7def1993cc038129f81cbc3a38b2677af6ab3b889938dab99828469a722520676c4c0fde6e1144872159a832a2f456b5ea105a4e65c7754e
Static task: static1

Behavioral task: behavioral1
- Sample: RFQ12_AMD20200422.exe
- Resource: win7v20210408

Behavioral task: behavioral2
- Sample: RFQ12_AMD20200422.exe
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.qdsaes.com
- Port: 587
- Username: andy@qdsaes.com
- Password: )oNvVYl5ceo2121
Targets
- Target: RFQ12_AMD20200422.exe
- Size: 856KB
- MD5: 0c2f04abf97efca32e1c920a70709122
- SHA1: a2d913ce122c815024e546ace827405388c41a3e
- SHA256: e07ba21e5d098a88ce3e45d9ed869b30726c31bd13b6a88205a80265a45f605c
- SHA512: b5ace9e02ce711dff299c151b27f4323603bb946e318048a6de38aef1e2b2f27aca2f9cb735675e4f713349b4cbbbf193d691ae6628d12a62b57052786577491
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext