General
- Target: RFQ.pif
- Size: 793KB
- Sample: 210722-eetc9ncdnx
- MD5: 8faf3df57f1bf78beea427593b0910c4
- SHA1: 34f825ae4105d49603ca58ce36eed47ccce94f62
- SHA256: 7b1d2f2e48d2f1c83a5524ae8febc8594f67d1bfdd76955b9a98e91bd6494279
- SHA512: d6113bbdd60af4f667ad5e6cf47edc5fe4b445a6696458bc18a4ab4bea114689f32b3a474c230a9152e175f4bec2c8289f0d2c13c9d699211d4ef3051b7807d9
Static task
- static1
Behavioral task
- behavioral1
- Sample: RFQ.pif.exe
- Resource: win7v20210408
Behavioral task
- behavioral2
- Sample: RFQ.pif.exe
- Resource: win10v20210408
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: myrecords1248
Targets
- Target: RFQ.pif
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext