General
- Target: 7200748e55269a97a84abb10070061e04f272d902f86c2ed0fea33225e042bd6
- Size: 396KB
- Sample: 220521-bjn1gaehhn
- MD5: ea579ea6ea3eb0dd10e65254e4938cf7
- SHA1: 2980f085f2a0f5c4aa5951ac573f8e50148e000f
- SHA256: 7200748e55269a97a84abb10070061e04f272d902f86c2ed0fea33225e042bd6
- SHA512: 27812d849d22e1613af24e0a74e2631256526331def9aa94c445baf892450e9b65d105a1dff077649e94f2b7d1484e931c77a75d0cc277bce8e3b0a8dbc8935c
Static task
- static1
Behavioral task
- behavioral1
- Sample: RFQ (4500387063).exe
- Resource: win7-20220414-en
Behavioral task
- behavioral2
- Sample: RFQ (4500387063).exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: JesusChrist007
Targets
- Target: RFQ (4500387063).bat
- Size: 665KB
- MD5: 64b3b21debf0bd2f82435b17bf774d8b
- SHA1: 2e23acedc6f0d3e136ce5e1d6709b7f0b6a50304
- SHA256: 7079cca8dabf1431d9b2f4c4d74bc6856991d583ed511e39a229a760ffe47d85
- SHA512: 330eb1ec806a09662b5ca05af1e9f7014e86a75d6d4a7cc98592948038f612288d298087bd67281281f4398e5e34d89d7e57adb4a149fa61d4f575882d685251
- AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (both Visual Basic .NET and C# builds circulate). It harvests saved credentials from browsers and mail clients and exfiltrates them over SMTP, FTP, HTTP or Telegram; the extracted config above is the SMTP variant, sending to us2.smtp.mailhostbox.com:587 with the listed mailbox credentials.
- AgentTesla payload
- Drops startup file
- Accesses Microsoft Outlook profiles (registry-stored mail account settings, a credential-harvesting source)
- Adds Run key to start application
- Suspicious use of SetThreadContext (commonly seen when a payload is written into a suspended process and its main thread is redirected to it)
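The extracted SMTP configuration and the "Adds Run key" and outbound-exfiltration behaviour in the signature list can be turned directly into hunting logic. The following is an added example, not code from the sandbox report or from the Agent Tesla sample: it parses the report's flattened "Key: value - Key: value" config line into fields, then runs three checks over a handful of constructed Sysmon-style events (not real telemetry). The mail-client allowlist, the file paths in the events and the `S-1-5-21-1` SID are assumptions for illustration; the username is carried exactly as the page shows it.

```python
import re
from typing import Dict, List

# Added example (not from the sandbox report): parse the extracted Agent Tesla
# SMTP config and hunt for matching behaviour in Sysmon-style events.

# The config string exactly as the report flattens it; "- " separates fields
# and the username is shown redacted on the page.
RAW_CONFIG = ("Protocol: smtp- Host: us2.smtp.mailhostbox.com - Port: 587 - "
              "Username: [email protected] - Password: JesusChrist007")

# Assumed allowlist of processes that legitimately speak SMTP submission on a
# workstation; tune to the environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}

# Constructed Sysmon-like events (not real telemetry): two network connections
# (Event ID 3) and two registry value writes (Event ID 13). Paths and SID are
# invented for the example.
EVENTS: List[Dict] = [
    {"EventID": 3, "Image": r"C:\Users\victim\Downloads\RFQ (4500387063).exe",
     "DestinationHostname": "us2.smtp.mailhostbox.com", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"EventID": 13, "Image": r"C:\Users\victim\Downloads\RFQ (4500387063).exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\RFQ",
     "Details": r"C:\Users\victim\AppData\Roaming\RFQ.exe"},
    {"EventID": 13, "Image": r"C:\Windows\system32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start",
     "Details": "DWORD (0x00000003)"},
]


def parse_agenttesla_config(raw: str) -> Dict[str, str]:
    """Turn 'Key: value - Key: value' into a dict with lower-case keys.

    A value runs until the next 'Key:' token (optionally preceded by a dash
    and whitespace) or the end of the string, so dotted hostnames and values
    containing spaces survive intact.
    """
    pattern = re.compile(r"(\w+):\s*(.*?)\s*-?\s*(?=\w+:|$)")
    return {m.group(1).lower(): m.group(2) for m in pattern.finditer(raw)}


def _basename(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def match_config_iocs(events: List[Dict], cfg: Dict[str, str]) -> List[Dict]:
    """Network events that hit the exfil host/port from the extracted config."""
    return [e for e in events
            if e.get("EventID") == 3
            and e.get("DestinationHostname", "").lower() == cfg["host"].lower()
            and int(e.get("DestinationPort", 0)) == int(cfg["port"])]


def unexpected_smtp_clients(events: List[Dict]) -> List[Dict]:
    """Network events on SMTP ports from processes that are not mail clients.

    Catches the same stealer after the operator rotates the mailbox or host,
    at the cost of keeping the allowlist accurate.
    """
    return [e for e in events
            if e.get("EventID") == 3
            and int(e.get("DestinationPort", 0)) in SMTP_PORTS
            and _basename(e.get("Image", "")) not in MAIL_CLIENTS]


def run_key_persistence(events: List[Dict]) -> List[Dict]:
    """Registry value writes under CurrentVersion/Run (the 'Adds Run key' signature)."""
    marker = "\\currentversion\\run\\"
    return [e for e in events
            if e.get("EventID") == 13
            and marker in e.get("TargetObject", "").lower()]


if __name__ == "__main__":
    cfg = parse_agenttesla_config(RAW_CONFIG)
    print("exfil endpoint:", cfg["host"], cfg["port"], "user:", cfg["username"])
    hits = (match_config_iocs(EVENTS, cfg) + unexpected_smtp_clients(EVENTS)
            + run_key_persistence(EVENTS))
    for hit in hits:
        print("HIT", hit["EventID"], hit["Image"])
```

Matching only the extracted host and mailbox will miss the next build of the same stealer once the operator rotates the mailbox; the non-mail-client-on-a-submission-port check is the durable one, but it depends on a maintained allowlist, so run both and alert on either.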