General
Target: S.QUOKKA (S-618) - TCM.doc.cab
Size: 298KB
Sample: 211019-lqwn1agdep
MD5: 99b353532a0eb9444713745ab3067e09
SHA1: a9ce6d33239264e9ca50592c384ae5d2d731db69
SHA256: 43d31fe33c42c62c8c144dcc2ada716586575f1a0fb45c170f31115dde19f278
SHA512: 2cb4546c7435ff8d84d91f682d7cae7b78d6ed145fefa753b5a119466cd46a3abcef43e3432ea0d5cea9ae8e39ffcdf9af443fb1274534c723b122a85c4a155d
Static task: static1
Behavioral task: behavioral1
  Sample: S.QUOKKA (S-618) - TCM.doc.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: S.QUOKKA (S-618) - TCM.doc.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.penavico--cz.com
Port: 587
Username: [email protected]
Password: Fq$L%J((!6
Targets
Target: S.QUOKKA (S-618) - TCM.doc.exe
Size: 770KB
MD5: 545eaa55c962df648708bb0bb01bcb28
SHA1: 39e0c699f9bd668dc65561aef01451deeb41b073
SHA256: 138e666baba119aed949d7064ded4f2ddafaa85e95b09bbd5c4ed7d2b77ac9ef
SHA512: 4892171284b009dc58a0ea5a781006e52c1dc729e924f386749336b9e56880ecdf6f67e43bee9c8f26b345cfcaab4b53305cd78f33a04d1b3d6016db4a2684cb
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext