General
- Target: RFQ- 19A20060.rar
- Size: 474KB
- Sample: 221125-q24wzabh93
- MD5: 39bafaec850d8ca204d839d8e54b0b07
- SHA1: 25297227104cfe5376fd3347ab8ecdabf11d488d
- SHA256: 1db859eb9aef5ca51d4af8d3eb0f263af3a497b3daf4dbedf1cdc6847c3213cb
- SHA512: 3770660f23749c239713f2c98a2c2b3c664b64d8adfa0cd39e14aa34353638415e32d6a09d0b14b2cb02b2732a359da8dde2982b3fa3bf4e388e6a188cab253f
- SSDEEP: 6144:kRdBlyerhZao8iWjT1cu7ONCvGXbD7hGwmvLNS5EX68KMl8J8PuhmJWkng0yMipX:QO8Zad/15OYvGXFvELxuTvcJU0yMipCW
Static task
- static1

Behavioral task
- behavioral1
  - Sample: RFQ- 19A20060.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: RFQ- 19A20060.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.svcnc.com
- Port: 587
- Username: [email protected]
- Password: Krupashine@6791
- Email To: [email protected]
Targets
- Target: RFQ- 19A20060.exe
- Size: 476KB
- MD5: 18bc83da8bfabb01740276062d6e014e
- SHA1: 2b9e4c4d82fcb91ec317ba1ea94a43c99c1a88f3
- SHA256: 17fad325e9717e20c930f698f08f711320a505560e239b5de9df67c62258a3bd
- SHA512: 718cbb37c7248661a778dfa8015e232e87cd00d6cb606e9b0ba4c0d63fcf52f493ee6bbb6d479f60c1428bf6384012cce7a81a8c3a16914114e0394f1bcd5381
- SSDEEP: 12288:/foXfDjiFs62c4Y40p9LqwFpFztF2+RCEUKMJ39Lavxrp:YXfDjiFKcFuwFpDQ+8HKMJpU
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext