General
-
Target
RFQ.exe
-
Size
228KB
-
Sample
240408-nc45bsbb7s
-
MD5
10d4e066efcd44d9747d5d2cbe8995ce
-
SHA1
d05fcb43118ab2ab98221e668d5cc5a2dd869dc4
-
SHA256
e238672df7f0d8a1440fcaeddf6051cddc05866e59e4d162cc416b6cc3c9e6ce
-
SHA512
06ff4605affa86051f031bc930ea3c6c8217cd4424aad0fb3277aa0a919738e5e5343a9eb80f05a01957a3dbd051338f440ab06a03976ada4a8a3fc0639ff46a
-
SSDEEP
3072:QJl7eq37BRv4SlPZJDJVuBMw/GAhdlaxxDcYjIMg3U84Mwwvf8TZfehnIuNy7GmL:QJZXASdSS/AjlaAYfgE8TH8TZfY5
Static task
static1
Behavioral task
behavioral1
Sample
RFQ.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
RFQ.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://80.92.205.47 - Port:
21 - Username:
delizzasuppl - Password:
99EK7bvTZr4zBnwW
Extracted
Protocol: ftp- Host:
80.92.205.47 - Port:
21 - Username:
delizzasuppl - Password:
99EK7bvTZr4zBnwW
Targets
-
-
Target
RFQ.exe
-
Size
228KB
-
MD5
10d4e066efcd44d9747d5d2cbe8995ce
-
SHA1
d05fcb43118ab2ab98221e668d5cc5a2dd869dc4
-
SHA256
e238672df7f0d8a1440fcaeddf6051cddc05866e59e4d162cc416b6cc3c9e6ce
-
SHA512
06ff4605affa86051f031bc930ea3c6c8217cd4424aad0fb3277aa0a919738e5e5343a9eb80f05a01957a3dbd051338f440ab06a03976ada4a8a3fc0639ff46a
-
SSDEEP
3072:QJl7eq37BRv4SlPZJDJVuBMw/GAhdlaxxDcYjIMg3U84Mwwvf8TZfehnIuNy7GmL:QJZXASdSS/AjlaAYfgE8TH8TZfY5
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-