General
Target: RFQ-WO10 #384573-pdf.gz
Size: 12KB
Sample: 211025-g1gwdafff5
MD5: ff71132b5fee1a13f23f2f34f8f7472d
SHA1: b04eda6d2f213fb3900a3fe8bb1d40f6fddaac2a
SHA256: 33890c0f3448f0e2adcf1a43cd023298b05e53b944699de720ec18f9ebab3357
SHA512: ab4dfeec01e860fa34befe1e3048e4ae6fd188d92b9cf52010a06a30fa3ab10f32504609d9d69ac2df9e61a6ec123ae716919c04ccfdf616a90fd5ac6e9d5aac
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ-WO10 #384573-pdf.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: RFQ-WO10 #384573-pdf.exe
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.fclbd.com
  Port: 587
  Username: ctg@fclbd.com
  Password: abc@123@
Targets
Target: RFQ-WO10 #384573-pdf.exe
Size: 27KB
MD5: e767b4d87898a75cc0d0e031e29b7284
SHA1: 25904e769d89aa44780a4b10153744d2fa533ec6
SHA256: 119d1a20d3e248a55981b6798bfd80191217e143feaa1e2774e4cb813bfbe6bf
SHA512: fdbf41860bf490ce060575914c174f1aa19d4e0d97bb0415250d5046c77e632babcdd8a2634c81650db68c8053647bdf09b68e181516c5df99dd7ebaa81fdc1b
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext