General
Target: quotation.exe
Size: 669KB
Sample: 210727-rc74mh2ptj
MD5: 8b0af96231dd7b5f99c1d51037dc0219
SHA1: 44e2961033d6dcf08c9eec519d4aba1f3f786f2c
SHA256: 0a4331bb70c63296d2f975bad0903c1c9c539c1f9d349a187bfaf2633b3c06e2
SHA512: 27933987bc28a37667aa7afac221ef242ebe5c5a8cc8c9ae55cde22dfd54dd4fb785a76d85510b74b44ff268875db95d000555b1c95db4567f1457f11faf7c1b
Static task: static1
Behavioral task: behavioral1
Sample: quotation.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: quotation.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: [email protected]
Password: @GoodLogs@321
Targets
-
-
Target
quotation.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-