General
Target: 17a092cc9473e0deb429c1e693476f27dc39d9f82b349a73a0e43af338c084f8
Size: 481KB
Sample: 220520-2m5qhaffc5
MD5: b76fb8afa1e06fd2cb4806521363c6d1
SHA1: 08cb62e843f92b98b67567d023c14cb14247a261
SHA256: 17a092cc9473e0deb429c1e693476f27dc39d9f82b349a73a0e43af338c084f8
SHA512: fd84347fa8af6cb8e35a76fa350c7ce7e1cf47ab493732c4c7a78dfdacd302dbf288309ec024b814dfd3f655327de9a6d6a46d5d3caab14f21ce74289b37e94a
Static task: static1
Behavioral task: behavioral1
Sample: RFQ 4130.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: RFQ 4130.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.framafilms.com
Port: 587
Username: [email protected]
Password: lister11
Targets
Target: RFQ 4130.exe
Size: 812KB
MD5: 6fe80178c6f3c6f378e4c912084b361a
SHA1: 39817ec4aa705c3c6b06482d2204bde8602f7b7c
SHA256: 6c7bf42396c259f45697b3582c5449e0b82059690eb3a7ad4ec3bc2a90a282c1
SHA512: eaec66679c167d4399ac0fcda9dc62bdd1573f92e8bc16dc4a33f050e71c10cb775b25ca194cbbf79e9937b1169776fe7f1ed37cd56f3f46a306745382dbae31
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext