General
Target: RFQ.exe
Size: 1.3MB
Sample: 200624-smt6fnpqqa
MD5: 078c44464a42878961a16fcabf731114
SHA1: 8be1ce5318546a2f68bf58ed0507bc419058ef05
SHA256: 90cca0bc037f3b3e5ac45af4d2c3233da62776630d330113621d1a4f531c4dfd
SHA512: f19968ea8a490db9424c3c746ec6acde2a6522b52f947a2532cad12fd65916199032ff7cf76760af5ff904426dd27258bfe4af6a0035df8ae2e2cba6e5866176
Static task: static1
Behavioral task: behavioral1 (Sample: RFQ.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: RFQ.exe, Resource: win10)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.travelsapphire.com
Port: 587
Username: sharwan.kumar@travelsapphire.com
Password: A7dth4xADt{61
Targets
Target: RFQ.exe
Size: 1.3MB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Suspicious use of SetThreadContext