General
-
Target
RFQ155115.exe
-
Size
809KB
-
Sample
231205-ztefsafh83
-
MD5
bc7f894d4ac5380359cc4ecfb5e89540
-
SHA1
dc4c07d683c482f878971840a407efac016ce360
-
SHA256
ded4d7400f9b37aa33cddbe13bb8f7bbb3a3acf4e4708d0b7cfededa46ffb79b
-
SHA512
d6c4c9240173b3bcf673980da8a40c811c94616512414b12fa99c4b88c03a2aa306724586ae478c23292c658ed6409d719dbfc256dbc8232959d01fd3d012b92
-
SSDEEP
24576:9XKtD/61Ijjp/M5VYLCrrVCm51jNOOty+oZQGF3z:M6Kjjp/u5XV/bjQ0mZt
Static task
static1
Behavioral task
behavioral1
Sample
RFQ155115.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
RFQ155115.exe
Resource
win10v2004-20231201-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mymobileorder.com - Port:
587 - Username:
[email protected] - Password:
Grace@2023@121 - Email To:
[email protected]
Targets
-
-
Target
RFQ155115.exe
-
Size
809KB
-
MD5
bc7f894d4ac5380359cc4ecfb5e89540
-
SHA1
dc4c07d683c482f878971840a407efac016ce360
-
SHA256
ded4d7400f9b37aa33cddbe13bb8f7bbb3a3acf4e4708d0b7cfededa46ffb79b
-
SHA512
d6c4c9240173b3bcf673980da8a40c811c94616512414b12fa99c4b88c03a2aa306724586ae478c23292c658ed6409d719dbfc256dbc8232959d01fd3d012b92
-
SSDEEP
24576:9XKtD/61Ijjp/M5VYLCrrVCm51jNOOty+oZQGF3z:M6Kjjp/u5XV/bjQ0mZt
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-