General
Target: RFQ-07202111035__CRFQ-07-2021-08220__5500342450.exe
Size: 703KB
Sample: 210722-6eqlwfy662
MD5: 78ef2d5c9e5d81948b1f1ab4ffb57f7b
SHA1: dc83666aa62b366696bb18b4ead5aedfa5b0ded8
SHA256: 7eb0aa2bb9b4cd1c856ed48f3719bc000ad03d0a478cc9487536702585bdaebf
SHA512: 65c42a51c8adcb57d7ddd42db131c879a82ca2f4a75b9bb19f933117b96591132de0e74f89a3be83919c63aaac5c7af5325f0dea7acb7b7f45896adc01374d4b
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ-07202111035__CRFQ-07-2021-08220__5500342450.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: RFQ-07202111035__CRFQ-07-2021-08220__5500342450.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.scientificwebs.com
Port: 587
Username: logs@scientificwebs.com
Password: qazplm@123
The config is the sample's exfiltration channel: stolen data is sent by SMTP submission (port 587) to the operator's mailbox using the embedded credentials. The host and the mailbox address are the network and mail indicators to hunt for; the password is evidence of the operator's account, not a search key.
Targets
Target: RFQ-07202111035__CRFQ-07-2021-08220__5500342450.exe (703KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
  AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic (.NET); this sample carries the SMTP exfiltration config shown above.
  AgentTesla Payload
  Adds Run key to start application (persistence via a CurrentVersion\Run registry value)
  Suspicious use of SetThreadContext (an API commonly used for process injection and hollowing)
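The following is an added example for this page, not code from the sandbox or from the AgentTesla malware. It turns the report's extracted config and file hashes into hunt logic: it parses the flattened "Key: value - Key: value" SMTP config into fields, matches the exfiltration host and mailbox against constructed log lines, flags a Run-key write whose data points at the sample, and compares a file's bytes against the reported hashes. The log line format, the addresses and the Run value name that appear in the constructed lines, and the parse_/hunt_/matches_ function names are assumptions of the example, not something the report states.

```python
"""IOC extraction and matching for the AgentTesla report above.

Added example for this page, not sandbox or AgentTesla code. The report
values (config text, hashes, file name) are copied from the page; the log
format, the hosts/addresses/value name in the constructed log lines and
the function names are this example's own assumptions.
"""
import hashlib
import re

# Config text as the report renders it, with the extraction line breaks.
REPORT_CONFIG = """Protocol: smtp- Host:
mail.scientificwebs.com - Port:
587 - Username:
logs@scientificwebs.com - Password:
qazplm@123"""

# File hashes from the report's General section.
REPORT_HASHES = {
    "md5": "78ef2d5c9e5d81948b1f1ab4ffb57f7b",
    "sha1": "dc83666aa62b366696bb18b4ead5aedfa5b0ded8",
    "sha256": "7eb0aa2bb9b4cd1c856ed48f3719bc000ad03d0a478cc9487536702585bdaebf",
}

SAMPLE_NAME = "RFQ-07202111035__CRFQ-07-2021-08220__5500342450.exe"

_FIELDS = r"(?:Protocol|Host|Port|Username|Password)"
# A value runs until the next " - Key:" separator (the page also has
# "smtp- Host:" with no space before the dash) or the end of the text.
_PAIR_RE = re.compile(rf"({_FIELDS}):\s*(.*?)(?=\s*-\s*{_FIELDS}:|$)")


def parse_agenttesla_config(text):
    """Recover key/value pairs from the flattened config text, whatever
    the line breaks, and normalise the port to an int."""
    flat = " ".join(text.split())
    cfg = {k.lower(): v.strip() for k, v in _PAIR_RE.findall(flat)}
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def iocs_from_config(cfg):
    """The indicators worth hunting for: the exfiltration host, the
    submission port and the operator's mailbox (username)."""
    return {"host": cfg["host"], "port": cfg["port"], "mailbox": cfg["username"]}


# Constructed log lines (not from the report): a Run-key write, a DNS
# lookup and an SMTP submission mirroring the listed behaviours, plus noise.
# The value name "WinUpdate" and the paths are made up for the example.
SAMPLE_LOGS = [
    "2021-07-22T10:34:58Z registry set "
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run "
    f"name=WinUpdate data=C:\\Users\\user\\AppData\\Roaming\\{SAMPLE_NAME}",
    "2021-07-22T10:35:01Z dns query=mail.scientificwebs.com type=A",
    "2021-07-22T10:35:02Z smtp dst_port=587 "
    "mailfrom=logs@scientificwebs.com rcptto=logs@scientificwebs.com",
    "2021-07-22T10:35:10Z dns query=update.microsoft.com type=A",
    "2021-07-22T10:35:11Z smtp dst_port=25 mailfrom=alice@example.org rcptto=bob@example.org",
]


def hunt_network(lines, iocs):
    """Return lines that reference the exfiltration host or mailbox.
    Port 587 alone is deliberately not matched: legitimate mail clients
    submit on it too, so it would only add noise."""
    needles = (iocs["host"].lower(), iocs["mailbox"].lower())
    return [ln for ln in lines if any(n in ln.lower() for n in needles)]


RUN_KEY = r"\Software\Microsoft\Windows\CurrentVersion\Run"


def hunt_persistence(lines, sample_name):
    """Return Run-key writes whose data points at the sample, i.e. the
    report's 'Adds Run key to start application' behaviour."""
    return [
        ln for ln in lines
        if RUN_KEY.lower() in ln.lower() and sample_name.lower() in ln.lower()
    ]


def matches_report_hashes(data):
    """Compare a file's bytes against the report's hashes; all three must
    agree so a truncated or patched copy is not mistaken for the sample."""
    return (
        hashlib.md5(data).hexdigest() == REPORT_HASHES["md5"]
        and hashlib.sha1(data).hexdigest() == REPORT_HASHES["sha1"]
        and hashlib.sha256(data).hexdigest() == REPORT_HASHES["sha256"]
    )


if __name__ == "__main__":
    cfg = parse_agenttesla_config(REPORT_CONFIG)
    iocs = iocs_from_config(cfg)
    print("config:", cfg)
    for hit in hunt_network(SAMPLE_LOGS, iocs):
        print("network IOC hit:", hit)
    for hit in hunt_persistence(SAMPLE_LOGS, SAMPLE_NAME):
        print("persistence hit:", hit)
    print("bytes match report:", matches_report_hashes(b"not the sample"))
```

Run against real telemetry by replacing SAMPLE_LOGS with your own lines; the matching is substring-based on purpose so it works on raw DNS, SMTP and registry events without a parser per source.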