General

Target: 4fcb2786574c16bb19cc5a8300d303ae7a6cc8d75d51c187a78064623ce897af
Size: 544KB
Sample: 220520-3cvcfsbfap
MD5: 22d027fb0ef530fab7ba7aee0ffbf9e8
SHA1: e45fa325418c338dd65654578a8b7159a70a72ae
SHA256: 4fcb2786574c16bb19cc5a8300d303ae7a6cc8d75d51c187a78064623ce897af
SHA512: b51237e42ec86f673aff2c1a16e1dd4c577eabd6796cc1f694958f9f70483252b8d8b08d1b407c2d199f8f6ec6985e7401a51df8b1ad800baef5f16819172473
Static task: static1

Behavioral task: behavioral1
Sample: RFQ-00339.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: RFQ-00339.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: 1104780540cuome@123
Targets

Target: RFQ-00339.exe
Size: 484KB
MD5: c172748cfe7ca874368ce42d20beb746
SHA1: 137df03c92678d547131fa6fff979b21e0074f44
SHA256: af1c7c8b7ec14a80bcc5799f562caa774702607c610349a413e363ab0d0d6168
SHA512: 8b9279bc85a072b1b57eed200e94b4fa17bf4df7e81eb1e49617b1a932c15daaa872ddf6ad37728f26959f377049260e32193b9848a61eed5bdc5fbb4ec035ac
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext