General
-
Target
f1cef25c222afb495094a564b5ca29c7fb9f2cef3ba1dda6b41a44ea3de5d75d
-
Size
1.4MB
-
Sample
220521-carwfaded4
-
MD5
4e560940bbda2b5e870027aad034dd17
-
SHA1
1548e201beb605b2a43dc95aa985a8365b4c7d01
-
SHA256
f1cef25c222afb495094a564b5ca29c7fb9f2cef3ba1dda6b41a44ea3de5d75d
-
SHA512
2cca06800e7ecf34889b9912d51f73d7ed3e71dd33f9b8118bf5d80112facde6ca272f17abd808f6a207759a32414dfee90d00b3b1967c1f92a1aba72e721fc5
Static task
static1
Behavioral task
behavioral1
Sample
RFQ12EAS.scr
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
RFQ12EAS.scr
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
RFQ12EAS.SCR
-
Size
844KB
-
MD5
781182974459dd7e9b6ac48c89596f03
-
SHA1
360f5752a562195b4c76c41d31855399477b4590
-
SHA256
1d1f1118f0abad06563b370709b721291cc6b0a681486d7432738a8e2ddd02b5
-
SHA512
7b15345eb1c50f5d246d4c2b1e748fc5086af2505385cfafa2970ea14fc785c2dae354227a9907d557753e678a8cba892d2e014aa549cf71a189b78e32ba7d1b
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-