General
Target: Quotation.exe
Size: 755KB
Sample: 210408-6ljjqpw75e
MD5: 1e72fdc63d96b7f7681cb76d2eb34d36
SHA1: 66e0afcc111a42a15817ccb6fce14f885b354c95
SHA256: 1fa8f6d52e8299dc1a67d9b3ba8af0d876e12cae58f72276ebecd1711c9a97e7
SHA512: 00e1667bb4cd7d4228f4788779ee37677bdcf311dd4b802a63e08a2626a66b297d8ae8d20c1cf8c8f4f973feb516b24dc00cd1873a4c8ce693b18fa3671f77e5
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Quotation.exe
Resource: win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: Ricardo2021@vivaldi.net
Password: Qwerty2020Hp##
Targets
Target: Quotation.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext