General
Target: QUO-131.exe
Size: 743KB
Sample: 210422-dr7ej2kg6j
MD5: 77ac0ae8cba8f31e52813615e2497a93
SHA1: 660ee6187ff37e024a4031b732317bdf10cc570e
SHA256: 4bfc65c93dae3e7158c102300e24f8f4894bdc7e480798ca684cf10c337a05a7
SHA512: f2ce28592935f89002217b24e6f4fb3852e02cfd59adfdde379909721410bdcbe795c3fad90736dadf0ce353f9c0021ea408992ba36fa49609e1aec348141d92
Static task: static1
Behavioral task: behavioral1 (Sample: QUO-131.exe, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: QUO-131.exe, Resource: win10v20210410)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.syntrnomh.com
Port: 587
Username: rainie.wang@syntrnomh.com
Password: Tdn$AuZro1
Targets
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext