General
-
Target
RFQ-HL51L05.exe
-
Size
1.1MB
-
Sample
240424-gtqvpsfd58
-
MD5
29f5c71635b9edb6929e77b5f5462136
-
SHA1
6daa3b1f5cc828e4ab95d2ebb48e11d9e7791cf0
-
SHA256
89d7f5ebd276fd6f53eacfef8377c6756a4da4c964da2bb51e059d5f04001b2c
-
SHA512
1f82360b411e0599144a3c8e91b6ed0fee66ff87f1e72133f067cdae7057e504b5f491b8f465a84b188a399fbc4d90835235034680f31534808f36b4f2026f10
-
SSDEEP
24576:OAHnh+eWsN3skA4RV1Hom2KXMmHaAe5iwefqWkVri5:5h+ZkldoPK8YaAeghirM
Static task
static1
Behavioral task
behavioral1
Sample
RFQ-HL51L05.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
RFQ-HL51L05.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cmcapama.top - Port:
587 - Username:
[email protected] - Password:
EVEitDp@^lu~ - Email To:
[email protected]
Targets
-
-
Target
RFQ-HL51L05.exe
-
Size
1.1MB
-
MD5
29f5c71635b9edb6929e77b5f5462136
-
SHA1
6daa3b1f5cc828e4ab95d2ebb48e11d9e7791cf0
-
SHA256
89d7f5ebd276fd6f53eacfef8377c6756a4da4c964da2bb51e059d5f04001b2c
-
SHA512
1f82360b411e0599144a3c8e91b6ed0fee66ff87f1e72133f067cdae7057e504b5f491b8f465a84b188a399fbc4d90835235034680f31534808f36b4f2026f10
-
SSDEEP
24576:OAHnh+eWsN3skA4RV1Hom2KXMmHaAe5iwefqWkVri5:5h+ZkldoPK8YaAeghirM
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-