General
- Target: 4e09d4dd3d6bddd35fba42f66d6a6883ac9d3f2e8e504af1f2829f325940cbfb
- Size: 377KB
- Sample: 220521-pls9vsagbm
- MD5: 56be0f3c6dd941fc72ecd2f425f7b0fb
- SHA1: 7491eb13423c3c219472a85b67654c6055f4a6e0
- SHA256: 4e09d4dd3d6bddd35fba42f66d6a6883ac9d3f2e8e504af1f2829f325940cbfb
- SHA512: 4ef4ba3980f092be04265eaecbff85a7e58cce5dc65ef9f0e9cdca4e180a4f3fd67bf3725d2f5219f9416fe7456773850b58cf46d947368b08c8bffe643b8dc2
Static task
- static1
Behavioral task
- behavioral1
  - Sample: RFQ #10072020.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: RFQ #10072020.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.mdist.us
- Port: 587
- Username: receiving@mdist.us
- Password: Receiving#4321
Targets
- Target: RFQ #10072020.exe
- Size: 574KB
- MD5: faf8fa16db367aee00c9529e044207eb
- SHA1: 1ddd4c28cee94eb71245e9b7958653beb6558a93
- SHA256: 5c2ad1b9bc4c16fce888a0cf989f0c6885de81d0753d8863c7cf1de604c4c8e6
- SHA512: eef35a9e647182f7adb7d93ef5c3d67fc4702bfa630614d6ed026f0465f8db68ff51bc6d6e607b52bfd3459c3bda7b9e2b54c43dd60ed95b803868c2ebb9fbd9
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext