General
Target: aa0ce6492e34742337746c846f911c0f58b5fb0f30f6c39b4ff2370c4dee6253
Size: 474KB
Sample: 220520-31xsgshhb7
MD5: 637f5c5a9ec2926e42d93676b5a91d76
SHA1: 69588f3eca9d48be5f78c4be499655c9cdbef951
SHA256: aa0ce6492e34742337746c846f911c0f58b5fb0f30f6c39b4ff2370c4dee6253
SHA512: b9f9395465b53bdde18ea40104067842e86f38df32b05e38575dfe3f5a14d5cf6efe45dd93379dc26ba61c2a2074e64537480675d932010bb73810a475bf90bf
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Quotation.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.epaindemgroup.com
Port: 587
Username: [email protected]
Password: }bf9e+EW5s$k
Targets
Target: Quotation.exe
Size: 576KB
MD5: a8eb33967c3893d4ea7b3d4132cce1da
SHA1: 1057a3e1c73241e7c58d16ce858101b4d66977c9
SHA256: ef8f3aad596c9dbc0984355b2746342e0e672a588bc9be8d729cfaf5aced13b8
SHA512: 5897429f1be3d73e193c1535d8590dcede573be61700b6c55001fdfb8ca0f24811c882df279771fc11e206a266dee85fea39321cca8b1861a38830511cb67eb0
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext