General
Target: 2684031accd6c43abe67d62f1901374970f18999c51c7fd19d0d047ea7232fb8
Size: 366KB
Sample: 220521-xmjqtacag5
MD5: 43ac4837ede606f770bdc08667d5ed13
SHA1: 526bfef123357bba6ba8b347bf7f82ce294954e4
SHA256: 2684031accd6c43abe67d62f1901374970f18999c51c7fd19d0d047ea7232fb8
SHA512: e3fdcca4f025d770d4fc95b76f6b19b358b70a51a9f5eb93c25dece3738d1357e0bea7a81693020f964fe5ee444978ddf278a02764738202058980065171e512
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ140820.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: RFQ140820.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: jaffinmark@yandex.ru
Password: @jaffinmarknma@344
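The extracted SMTP configuration above is the most directly actionable part of this report: it names the exfiltration mailbox and the mail server the sample submits stolen data to. The following is an added example, not code from the sandbox, the report, or the malware. It parses the config block exactly as the report prints it (dash-joined key/value pairs) into a structured object and then runs the resulting host/port indicator over a few constructed connection-log lines; the log format ("image dst_host dst_port") and the set of expected mail clients are assumptions for the example.

```python
"""Turn the SMTP exfiltration config extracted from the AgentTesla sample into
hunting indicators and run them over connection-log lines.

Added example for this report, not code from the sandbox or the malware. The
EXTRACTED_CONFIG text is the report's own Malware Config block (copied as
extracted, dash-joined); the connection-log lines are constructed for the
example and the log format is an assumption.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Malware Config block as it appears in the report.
EXTRACTED_CONFIG = """
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
jaffinmark@yandex.ru - Password:
@jaffinmarknma@344
"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_extracted_config(text: str) -> SmtpExfilConfig:
    """Parse the report's 'Key: value - Key: value' layout into a config object.

    The extraction joins fields with ' - ' and occasionally drops the space
    before the dash ('smtp- Host:'), so we flatten whitespace and cut each
    value at the next 'Key:' token rather than relying on line breaks.
    """
    flat = " ".join(text.split())
    pairs = re.findall(r"(\w+):\s*(.+?)(?=\s*-\s*\w+:|$)", flat)
    fields = {key: value.strip() for key, value in pairs}
    return SmtpExfilConfig(
        protocol=fields["Protocol"].lower(),
        host=fields["Host"].lower(),
        port=int(fields["Port"]),
        username=fields["Username"],
        password=fields["Password"],
    )


# Processes expected to submit mail on the configured port. Assumption for
# the example; tune to the environment. The report also flags
# SetThreadContext, so a hollowed legitimate process could carry the
# connection: treat the image name as a weak filter, not an allow-list.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def flag_exfil_connections(cfg: SmtpExfilConfig, log_lines: Iterable[str]) -> List[str]:
    """Return the constructed log lines ('image dst_host dst_port') where a
    process other than a known mail client connects to the extracted C2
    host and port."""
    hits = []
    for line in log_lines:
        image, dst_host, dst_port = line.split()
        if (dst_host.lower() == cfg.host
                and int(dst_port) == cfg.port
                and image.lower() not in MAIL_CLIENTS):
            hits.append(line)
    return hits


# Constructed connection log: one true positive, one mail client on the same
# host/port, one wrong port, one unrelated flow.
SAMPLE_CONNECTION_LOG = [
    "RFQ140820.exe smtp.yandex.ru 587",
    "outlook.exe smtp.yandex.ru 587",
    "RFQ140820.exe smtp.yandex.ru 465",
    "chrome.exe yandex.ru 443",
]

if __name__ == "__main__":
    cfg = parse_extracted_config(EXTRACTED_CONFIG)
    print(f"exfil account {cfg.username} via {cfg.protocol}://{cfg.host}:{cfg.port}")
    for hit in flag_exfil_connections(cfg, SAMPLE_CONNECTION_LOG):
        print("suspicious:", hit)
```

Because the destination is a legitimate public mail provider, the host alone is a poor block-list entry; the useful indicators are the combination of destination host and port with an unexpected originating image, plus the recipient account itself, which can be reported to the provider for takedown.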
Targets
Target: RFQ140820.exe
Size: 411KB
MD5: 09013774aa4a7b0a4394f394a0f2fb42
SHA1: 9cd0e4e63f41ffedb73cb26b73dea0ea661fd216
SHA256: 6011714f77a9cfdf682b04df3490a0ca227d9a64074946304b8ccd0c83e6264e
SHA512: f5676ee01bc1aeaf3877202dddcbbfe68921ef2363f4b70f907b05ba3921e519c50f0cb780ae52245894079b49b134f42c2352c2170a3c1f31842e9da7451d56
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written for the .NET Framework (C#/VB.NET); this sample exfiltrates over SMTP using the configuration extracted above.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext (commonly used to redirect execution into injected or hollowed process memory)