General
- Target: 3dfd5cf8a8661a448ac86d4aad831509092bb63556cdea451b8e93f6b678532d
- Size: 462KB
- Sample: 220521-ex53pahha3
- MD5: 0a8eef7cbc93852517a554b1a13f31cb
- SHA1: 5735af7b6cdf0c008215a3488484ba8291b0ef5e
- SHA256: 3dfd5cf8a8661a448ac86d4aad831509092bb63556cdea451b8e93f6b678532d
- SHA512: b3e8e787a6df2937a0e47505d67d8865d933e1c18cf66dbcad19a5175705912df1e0c419cbb4e11ad09fb46b5d62f2deeebc5377173897a3dcdec818daba0e7b
Static task: static1
Behavioral task: behavioral1
- Sample: RFQ T7-30032020.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: RFQ T7-30032020.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.fipco-sa.com
- Port: 587
- Username: [email protected]
- Password: breakingnews77
Targets
- Target: RFQ T7-30032020.exe
- Size: 697KB
- MD5: a189817dbab853329eb05c34f1c8e5e5
- SHA1: 68f28e839fc32aa4f2b62d8aaac49c8127b18e0a
- SHA256: 4850ce25c3caf99fc7f558ec6666d08c43d69ed4e1be9a8fd37f289db69561ab
- SHA512: 3a5756d37b4de9f2a6b2ef59a11ab01ffd145791c5a136a882e1a520072cb344b697a84e4520c3a58246fc924f7a0f316ac1bc0c8ba9458ba3e88a1ba6cd8041
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- AgentTesla Payload
- Executes dropped EXE
- Modifies Installed Components in the registry
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext