General
Target: RFQ03121013.arj
Size: 657KB
Sample: 210722-wqabl7wf9n
MD5: f07c1bee1f11bdb6814479132e66a534
SHA1: ab66a7e13bd054cf033e82b77965652b053758c3
SHA256: 7fa3b55ce11219e0e1ec66f25d9eb886a0510863a2d3c98a79c817ffd5d579ae
SHA512: c9447af1f9ea3c73887e21880e117216861cdc55c7bf0912854dca980c350f9b230815cbd06d8b2f0771440539eb59f74c7d960f925ca4d31efa1cd0564119c8
Static task: static1
Behavioral task: behavioral1
Sample: RFQ03121013.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: [email protected]
Password: Amalogs21345@
Targets
Target: RFQ03121013.exe
Size: 767KB
MD5: b865eba7ad12435f66fcc532eeb6f2ce
SHA1: 53c1a9b23d65b6dc77bf79aebdef23ee815106f7
SHA256: a22a93aa201096c6ae9d68aa245093f3b922b90e31a529ce94bcdbd2c0507e86
SHA512: e0c8080044ad1d0a57f70c4834be9b62468bd61ec85f3464dfcdf1efe6efba6b9b22f57f1a6294c729fcaa9f0a4a79a28e5b03fdb05d4fae0781eca18ee07265
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext