General
-
Target
805c1ba1a839e79293bd7e044ec0845b5e90cddf65d458649854c4954a976225
-
Size
367KB
-
Sample
220520-2xstpagbf4
-
MD5
c58f171be6e269aa16b82b82add8b16c
-
SHA1
8fa32edaca3d42b2b9a2543886a6d1462f57ca18
-
SHA256
805c1ba1a839e79293bd7e044ec0845b5e90cddf65d458649854c4954a976225
-
SHA512
4c27d9409d626aacd3a91e4552f46426604cdf51a292b4b502e29cc7b9ea7c04823ffba24bf0fc9824c709878eff92d90e0ee3095d0e0202431516e0792b4f92
Static task
static1
Behavioral task
behavioral1
Sample
RFQ.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
RFQ.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
@jaffinmarknma@344
Targets
-
-
Target
RFQ.exe
-
Size
409KB
-
MD5
d29fd374ffb5bd95937ed1084caefa8c
-
SHA1
4320812a3197c17ad10d6c36608c740e9b89f2bd
-
SHA256
f6c8c308519b9019ae0cce0d21759aea395e35f746b0a3853218ab321e8c8349
-
SHA512
d5fb85fe82e71272a98b1ef88eac93480f4716e51fa173e3c3c8f858c1616edd53878b5582e80d67ef111cce3f50e25d39489c783c52370f38d169f345fd35b2
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-