General
-
Target
da9219415bcb66e4048ce23c6f94a3bfc29b0576fd3d30c7b47f6835efcd9ad4.rar
-
Size
648KB
-
Sample
240609-me5cfahc7w
-
MD5
0b0b8f1b9ba09ae894e0a58eed1131b5
-
SHA1
7f431e504fa52f665596aab273ef26c19d6bac19
-
SHA256
da9219415bcb66e4048ce23c6f94a3bfc29b0576fd3d30c7b47f6835efcd9ad4
-
SHA512
063b47ef0ce69ce12e64e0caaf83ce20bda19bfedf47da2c9c2ce052d273a5d0fc593cc695f24e1403a847396e5850465aeda5e5c32a244845711ea1f466235c
-
SSDEEP
12288:Pkc6ZszTSEyNvHQc7YE494fkJl94Da2kLxuw53smXHPklYLCRqywxiUDhnscW4:r6Z6SxPQkW4MJl94lkdJpPkl4C7wnhJn
Static task
static1
Behavioral task
behavioral1
Sample
RFQ-2402-3572.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
RFQ-2402-3572.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.psgrasa.ir - Port:
587 - Username:
[email protected] - Password:
mahsa730101 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.psgrasa.ir - Port:
587 - Username:
[email protected] - Password:
mahsa730101
Targets
-
-
Target
RFQ-2402-3572.exe
-
Size
706KB
-
MD5
2e11cbc359b45e25b7f5f3b6008f3adc
-
SHA1
e640cc86dfed0419775c394ed050674667ed8b2e
-
SHA256
48c7311341af01dfa4d01d6000fb17d6956d6607f2714bb88bba2f8ca0a93fbc
-
SHA512
4a4c3b8d84f8a7a7b09bd584b17f07fe929abd938b64cef95e2890512d988eff116ce726694d53e5d78e3063ed71b0ac3d33ebfa8db6dc3ec8b2469578c5c8ba
-
SSDEEP
12288:r3qyJMIC222lCz/mh/otW1AmPCLHmR895zB8DSSAwlDJyhy3KJx:r6Oo222Y7mh/BKm6vDF8+S/GhgKL
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-