General

Target: QUO-131.zip
Size: 720KB
Sample: 210422-fk51drma52
MD5: 92f35e58db10d6aa177527e27e2734d8
SHA1: 06b635ad735e704db1fa3dcd008e2fb2ed66662c
SHA256: d22b3e746e42bfada3fe6b73b03d5e2443caf1a9090120ac9385e49bb72297c2
SHA512: 6a9be10c1a8444aecd608af4c51b049d70316f39ed108291d7bc9d707c170ee6ed801aa6e3dcc0d98b74c91d4da148c5aba8a87b1642e22c0e78dc3e10045fd1
Static task: static1

Behavioral task: behavioral1
Sample: QUO-131.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: QUO-131.exe
Resource: win10v20210408
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.syntrnomh.com
Port: 587
Username: rainie.wang@syntrnomh.com
Password: Tdn$AuZro1
Targets

Target: QUO-131.exe
Size: 743KB
MD5: 77ac0ae8cba8f31e52813615e2497a93
SHA1: 660ee6187ff37e024a4031b732317bdf10cc570e
SHA256: 4bfc65c93dae3e7158c102300e24f8f4894bdc7e480798ca684cf10c337a05a7
SHA512: f2ce28592935f89002217b24e6f4fb3852e02cfd59adfdde379909721410bdcbe795c3fad90736dadf0ce353f9c0021ea408992ba36fa49609e1aec348141d92
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Suspicious use of SetThreadContext