General
- Target: 52977c9b9eab04abbbf62bfb18501cf1df4d817e535705d2b7c3d7f8e963f19c
- Size: 444KB
- Sample: 220521-dhq5jsagfm
- MD5: f25f6c2612938328af982cc769f663ca
- SHA1: 285b22510f4ab97cf6684749d8f81cf6c0bdf168
- SHA256: 52977c9b9eab04abbbf62bfb18501cf1df4d817e535705d2b7c3d7f8e963f19c
- SHA512: 125d10776b582eb4f3ca84b703ffadf7d408703e591e399196278244a8b5a54ab9ca5a44145fcff0501a915cb0ce2a571b529a88b7401f45075e65aa6f6a68ce
Static task: static1
Behavioral task: behavioral1
- Sample: RFQ 502480987.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: RFQ 502480987.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: gatefee22
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: gatefee22
Targets
- Target: RFQ 502480987.exe
- Size: 550KB
- MD5: b5a010678795bb33fbb73b20586da186
- SHA1: f94a011740fedec598b4a83bb3e041bfe4ba077e
- SHA256: 0f3796394a5e425855d842187813997be61e79058cfc546da575b27cf8c09ffb
- SHA512: 69493637dd03b0f432ebb24e6a15f98d2bb4931936d6af948157088d9dff30ec23a2abf8aeb0683c01edc2647575a841764f23c201a6d293540d8de08f63f3d2
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext