General
Target: RFQ-PL2022.exe
Size: 919KB
Sample: 221208-p2yjhsaa66
MD5: 0261a809d26ce14ea6a17ecf88d928df
SHA1: 3e76422309284d232ac107a5c713524a7e72bf47
SHA256: 42fefefaf3c63e6e11b4b5cb93071f6b34a4ff6d7af86da5790b439f05836e24
SHA512: 117ecb471a312a4d607c799e486d58f1bfb79ec58933045d6c3edb7e8ab0e97e921cab7d3e47716011740e75a59ddcdf81ea7db308fd7801bb69b7e37ebfea39
SSDEEP: 24576:E2ibJ01RGDylI8TjQkqGv6kwc0zjYPPMhwg5+RT:yJ0muTjQk3SkLaM0e
Static task: static1
Behavioral task: behavioral1 (Sample: RFQ-PL2022.exe, Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: RFQ-PL2022.exe, Resource: win10v2004-20221111-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: cash@scgthai.xyz
Password: bG^VamX7@@
Targets
Target: RFQ-PL2022.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext