General
-
Target
RFQ Gas Pipeline RS003 - 01.exe
-
Size
731KB
-
Sample
210511-x91p1zk9ds
-
MD5
b5634b763669d07859bc6fc83c22a4cd
-
SHA1
4555074dc437ff0f5adb3d83df8fdce9593df968
-
SHA256
4b5b9b554eb832db072581a89807301c294360acac0a605c9d97e0d2d06f621a
-
SHA512
4d7480817705aee9f921ed6978b8cec3bc99903b349153282d4bee8d4b83698e0ade30e1b8ec9a7257bf35c4a79466bf43753cbe47fd894d17dbc334b8a1c62a
Static task
static1
Behavioral task
behavioral1
Sample
RFQ Gas Pipeline RS003 - 01.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
RFQ Gas Pipeline RS003 - 01.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.buzon-th.com
Port: 587
Username: lnfo@buzon-th.com
Password: EawrAmEfow
Targets
Target
RFQ Gas Pipeline RS003 - 01.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-