General
Target: quotation.exe
Size: 490KB
Sample: 210408-msfttq63hn
MD5: ec1a733e7836a93b1aef885dca064acc
SHA1: 92b3cce4c760b3a0a865bb4df0e0f376da6c9c6b
SHA256: b158522e8d0e95fe5aa6fe99014399ce3e9edd85a93ac61b30d9d1dd31ef382e
SHA512: cdb1e4ca8fb67684e8e34a20d2ee4ef6ca461506bb613ec53994bfcf18d70e402db265116f9579221a29cbff7d1851662448dc65b5d9c399d1f487b5563e225b
Static task: static1
Behavioral task: behavioral1
  Sample: quotation.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: quotation.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.kugel-medical.com
Port: 587
Username: sales3@kugel-medical.com
Password: stanstan12345
Targets
Target: quotation.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext