General
-
Target
a40a664137a3573248372810f32015f2e0e1f93d000bb8d45a455b5c1c8691d0
-
Size
335KB
-
Sample
220521-pt5mvsgac3
-
MD5
99f02941df7d879298f5234581717e45
-
SHA1
ef35ae182f86d7d279fc96486ceed006e593c915
-
SHA256
a40a664137a3573248372810f32015f2e0e1f93d000bb8d45a455b5c1c8691d0
-
SHA512
fc7ee58fa8d8678c0a5b86c4d3c7553facfddd97af61440729e9f3a3a048bfc6162b3237699fe7c0a521dee2d759b5c9477e2c5cb4d731525b7e3070780f1f8b
Static task
static1
Behavioral task
behavioral1
Sample
RFQ0392.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
RFQ0392.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.itdone.cz
Port: 587
Username: testovaci@itdone.cz
Password: viObavejMa
Targets
-
Target
RFQ0392.exe
-
Size
389KB
-
MD5
b3911724ce21ecfb5c68e35848a49ded
-
SHA1
5a598183755980fa9719ede513244099ee315462
-
SHA256
bb8e4fd77036e0c835a7362aa8288dc6d24a935917455d8c6dbdf28361ff725d
-
SHA512
1e41fe3de2a9ccacb8abb8c5c557e38ff186375b9d902b2992f248d77017dc56a930cfce3ad629f78349c5a9a3b9fc1c969051c376800972bd4b56108541911f
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-