General
Target: 673bf0611827fe48f9e1cb49afe15406467dc4fc1ad01d1c0b16a6c2f368de38
Size: 1.6MB
Sample: 220521-m8na1sdcc8
MD5: 99af45ac209e21fb216a44bcf166987f
SHA1: 912c48a956e21a7c6a5d502a05fcadd6bb457c9e
SHA256: 673bf0611827fe48f9e1cb49afe15406467dc4fc1ad01d1c0b16a6c2f368de38
SHA512: e84efa2d30cdb834aa3940cc1f7ca2eb8cff668a4876234796632051463f9023f19f8aff4914e2653dfadde9fcc7c7bd2638f0de9a09d3462cbfb47180842bb9
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ-19.05.2020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: RFQ-19.05.2020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yltab.com
Port: 587
Username: imre.macsuga@yltab.com
Password: VdwhsPd5
Targets
Target: RFQ-19.05.2020.exe
Size: 2.0MB
MD5: 9107953e95b38e558abd8e1ba4dd3c03
SHA1: 78e3599524b5b5d13f01dfbf9cdfe8a65b6a4573
SHA256: c650f11c8c28f1dc49d06892ded6ab01fac0c3e364b43382a867dc0c9c67992e
SHA512: 2186b1823f09c7ad7be42c49173d7e832e76729735a87a1a32444a7af48847240b149b754b4766f2cf02c3c01aafd0cb29ccfa69bbdbeab0c1e2342d96fcefb0
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic .NET.
- AgentTesla Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
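The extracted SMTP exfiltration config and the persistence signatures above (Run key, startup file) turned into detection logic, as an added example that is not part of the sandbox report or of any vendor tool. It assumes Sysmon-style events (IDs 3, 11 and 13 with Sysmon's field names); the host, port and account are the report's own values, while every event, path, SID and IP address below is constructed for illustration.

```python
"""Turn the AgentTesla SMTP config and the persistence signatures from the
report above into detection logic and run it over constructed Sysmon-style
events. Added example: not part of the sandbox report or of any vendor tool.
The events, paths, SID and IP addresses below are constructed."""
import re

# The config block exactly as the report prints it (flattened across lines).
AGENTTESLA_CONFIG_TEXT = """Protocol: smtp- Host:
smtp.yltab.com - Port:
587 - Username:
imre.macsuga@yltab.com - Password:
VdwhsPd5"""

# The two persistence locations named in the signature list:
# "Adds Run key to start application" and "Drops startup file".
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)


def parse_config(text):
    """Parse 'Key: value - Key: value ...' into a dict with an int port.

    Whitespace is normalised first, so the line breaks the report inserts
    (and the missing space in 'smtp- Host') do not matter."""
    flat = " ".join(text.split())
    fields = {}
    for part in re.split(r"\s*-\s+", flat):
        key, sep, value = part.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    fields["port"] = int(fields["port"])
    return fields


def exfil_matches(events, cfg, c2_ips=frozenset()):
    """Sysmon event 3 connections to the configured SMTP host:port.

    Sysmon's DestinationHostname comes from reverse DNS and may not equal the
    name the malware used, so resolved IPs can be passed in c2_ips as well."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 3:
            continue
        if int(ev.get("DestinationPort", 0)) != cfg["port"]:
            continue
        if (ev.get("DestinationHostname", "").lower() == cfg["host"].lower()
                or ev.get("DestinationIp") in c2_ips):
            hits.append(("agenttesla_smtp_exfil", ev["Image"]))
    return hits


def persistence_matches(events):
    """Run-key writes (event 13) and startup-folder drops (event 11)."""
    hits = []
    for ev in events:
        if ev.get("EventID") == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(("run_key_persistence", ev["Image"]))
        elif ev.get("EventID") == 11 and STARTUP_DIR_RE.search(ev.get("TargetFilename", "")):
            hits.append(("startup_folder_drop", ev["Image"]))
    return hits


def triage(events, cfg, c2_ips=frozenset()):
    """All findings grouped by the process image that produced them."""
    by_image = {}
    for rule, image in exfil_matches(events, cfg, c2_ips) + persistence_matches(events):
        by_image.setdefault(image, set()).add(rule)
    return by_image


# Constructed events: one infected process doing all three things, one
# legitimate Outlook submission on the same port, one unrelated file write.
MALWARE = r"C:\Users\victim\AppData\Roaming\RFQ-19.05.2020.exe"
OUTLOOK = r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": MALWARE, "DestinationHostname": "smtp.yltab.com",
     "DestinationIp": "203.0.113.10", "DestinationPort": "587"},
    {"EventID": 3, "Image": OUTLOOK, "DestinationHostname": "smtp.office365.com",
     "DestinationIp": "203.0.113.20", "DestinationPort": "587"},
    {"EventID": 13, "Image": MALWARE, "Details": MALWARE,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\RFQ"},
    {"EventID": 11, "Image": MALWARE,
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows"
                       r"\Start Menu\Programs\Startup\RFQ.exe"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\victim\Desktop\notes.txt"},
]

if __name__ == "__main__":
    cfg = parse_config(AGENTTESLA_CONFIG_TEXT)
    for image, rules in triage(SAMPLE_EVENTS, cfg).items():
        print(image, sorted(rules))
```

Port 587 alone is not an indicator, since mail clients submit on it too; the match is on the configured host (or its resolved addresses) combined with the port, which is why the Outlook event is not flagged. The remaining two signatures are not covered here: "Suspicious use of SetThreadContext" and "Accesses Microsoft Outlook profiles" are API-level observations from the sandbox's hooks, not events Sysmon records directly.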