General
Target: 60d64391a2d2632f20b0861d2f74f6568fb70bcceedfaf998db1d88ad4a4cc81
Size: 1.5MB
Sample: 220121-3svm6adhdn
MD5: 5a6063f82f30891759b87451ece26282
SHA1: f84bdf14cba2537e0ce95f3fcc5ba4f69033d94a
SHA256: 60d64391a2d2632f20b0861d2f74f6568fb70bcceedfaf998db1d88ad4a4cc81
SHA512: 5e99628aa2ef807f7ae594118242ab9f0ec78cc69efb7f79a5dd709eb8dbfeb077414266c3f042e466c0be6b065c479ac2ea9007bf4516c02b852ba5efa84245
Static task: static1
Behavioral task: behavioral1
Sample: RFQ__PR_.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: RFQ__PR_.exe
Resource: win10-en-20211208
Malware Config
Targets
Target: RFQ__PR_.EXE
Size: 955KB
MD5: 6d823d1b2a16711319fa18cd7572dd5f
SHA1: 939bd30ea50d1aed08709d404fb2fc3ec560bdf4
SHA256: af77d39da76931a81bfd25f69b8bada064540e564af4848d5f87abb3c1eae795
SHA512: b725130440f061665edebe68849234b6c64d68fcc9509cdd90cedb72b67ea135f7c64e4dc2d71a6fce64f8593e5138f06628f2a2c56c366328a449c94e0165c5
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext