General
Target: 84e8e0fb65510d250e5427aabab3dfd60c0562c60f13ed5e4fa8410fa216c53b
Size: 365KB
Sample: 220521-ahv7qadbfl
MD5: 231bebb5118a261ab3b02d5cfa95b5ac
SHA1: 9fdf371d96620ce6301b0f44d7e290131665518b
SHA256: 84e8e0fb65510d250e5427aabab3dfd60c0562c60f13ed5e4fa8410fa216c53b
SHA512: e95ef809ee1acbf2858ff637d157504791b9cad2cf8bfc29a3004e21b04a64eb2066b0888cb6fc4a0527ba2f816b256e0c18071f2157fd35b7ddf313d02e92bd
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: RFQ.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.ru
  Port: 587
  Username: [email protected]
  Password: @jaffinmarknma@344
Targets
Target: RFQ.exe
Size: 420KB
MD5: 55ee586dd55c291e9829fe345028de76
SHA1: e1457c39c4412c5b7ab3f12767025177f0b6c03b
SHA256: ffd474ba42b484a0c7eb8688e37334d55e65c49dcb88dcf3bc542276cd7d5348
SHA512: fa5e1ebcd2573943da0c5926ae232333ec0c17536fdfafd5be0b675f5d569a27e7727ee44cab6c6bec27fc9a81dd6b09e90a6490242b296a00561fe78564f42f

Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely used for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext