General
-
Target
QUOTATION.exe
-
Size
673KB
-
Sample
211025-twydsagdc6
-
MD5
05ab7c5ea99f0b21748ad1d82374d1a2
-
SHA1
5e58ace479d278c43df05f3d65a61caa9135b842
-
SHA256
63cf2188cbcc6e884c07331afb30c937cc678bc4552cee83b3a689a927a84c5d
-
SHA512
60c124a9e79316145eb67667ccd1ceb88db00dd71a023e30c917bcf453f7d8311150d8815a17d8f4579c33dce69da6048ac0c650e433d1a122b0fab8f91230d3
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATION.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
QUOTATION.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.aldhiyafainteriors.com - Port:
587 - Username:
[email protected] - Password:
dhiyafa@987
Targets
-
-
Target
QUOTATION.exe
-
Size
673KB
-
MD5
05ab7c5ea99f0b21748ad1d82374d1a2
-
SHA1
5e58ace479d278c43df05f3d65a61caa9135b842
-
SHA256
63cf2188cbcc6e884c07331afb30c937cc678bc4552cee83b3a689a927a84c5d
-
SHA512
60c124a9e79316145eb67667ccd1ceb88db00dd71a023e30c917bcf453f7d8311150d8815a17d8f4579c33dce69da6048ac0c650e433d1a122b0fab8f91230d3
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-