General
Target: RFQ.exe
Size: 585KB
Sample: 211021-ewdbaaafhp
MD5: e3fc0a2977f6ace1e8dcc4d170613b6e
SHA1: 0fd7d3e125ae5971855a1ba0e204ec5ae0f4829d
SHA256: 24e27b79291475c64e5f2a71833ac988a888e66c86d32ad5d5b20be3b7717604
SHA512: 1b19a53b46d5a7c2d2ac7c5c3595f775f78da42e5f8ca3babf1e71406c5d990447238aea61be66c28eff0bc620fc7a5858181e4e97b2f38e694cb7b27708bef2
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: RFQ.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.conreivestments.com
Port: 587
Username: john@conreivestments.com
Password: ~zi@3dw1_IqN
Targets
Target: RFQ.exe
Size: 585KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext