General
Target: 8ba994c442daf0e263b24203bf013eff5d99e1efa9ade9a419c41e3c8f3b00d5
Size: 1.2MB
Sample: 220521-ph8v5safal
MD5: 26aff259fa685a9dfe4e51e4927a4a0d
SHA1: 5c510c41adc8c207c65966a7bfe41c972dfd6cca
SHA256: 8ba994c442daf0e263b24203bf013eff5d99e1efa9ade9a419c41e3c8f3b00d5
SHA512: 299302dee24101c6c359fd67930467ee83ba4c0afac67742d45fa1b4802a44402f88cba638b52997b3f4b83dcab64962447357afec1c4b3adef0d9849d060cdc
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ ORDE.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: RFQ ORDE.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: dimple@xliftginger.site
Password: Naija81,J
Targets
Target: RFQ ORDE.EXE
Size: 435KB
MD5: 53c5f7bcea55b0ae4fe62addeafda2c8
SHA1: 4d0cbee8db2201af13f987cb5e7527fcf507e2b5
SHA256: f81ffe76cfa1447a52ab6613c83933a5040b49221bb16c5a86ba416b3026240b
SHA512: 79f6c152a008ffd28b63772f940541c56af5379fea8e254596ef05c2d8231d09fa6ecc91b8ec978cf77e938c4aca39f59656ee00dcc4ed5e26f0ff103ecce888
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext