General
-
Target
7070c5abc1c6d99bc327d1e36ee047a7293f4d3de5d50ea58e7b4b46f74ac92f
-
Size
598KB
-
Sample
220520-3avkfaged9
-
MD5
436e8d81e18298cbdcee842599286ff6
-
SHA1
eaf68070121458f4e7f8fd1cc5214b1e6694f876
-
SHA256
7070c5abc1c6d99bc327d1e36ee047a7293f4d3de5d50ea58e7b4b46f74ac92f
-
SHA512
ff7a6afbe4a8dc0312e72108f353d617a305a6e987ba902c823599135c5178b58cfcc968febb751da096f23fa8624471acd77dab1752339ab1812bd4902ac396
Static task
static1
Behavioral task
behavioral1
Sample
Quotation List.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Quotation List.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
Quotation List_..exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
Quotation List_..exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: public12345@#@%6#@
Targets
-
Target
Quotation List.exe
-
Size
601KB
-
MD5
9526050cc6e671ecdd00c16288be6772
-
SHA1
e6eb495755ff695bf35a079fcffea03fa5d3eb2c
-
SHA256
2c13ec5658318ce81c8da312fc020d69b881cd98ac01f7dae28c7e0150ce1698
-
SHA512
60fbca5ce82fa0b589f63bcfdafaeaaf58e97f429a6ebbd3984e8504e5b7c82fc16b2e97e59694b9f6b7ed3cfe6285e04da93ad2d704bc67958fa1917e01276f
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
Target
Quotation List_..exe
-
Size
601KB
-
MD5
9526050cc6e671ecdd00c16288be6772
-
SHA1
e6eb495755ff695bf35a079fcffea03fa5d3eb2c
-
SHA256
2c13ec5658318ce81c8da312fc020d69b881cd98ac01f7dae28c7e0150ce1698
-
SHA512
60fbca5ce82fa0b589f63bcfdafaeaaf58e97f429a6ebbd3984e8504e5b7c82fc16b2e97e59694b9f6b7ed3cfe6285e04da93ad2d704bc67958fa1917e01276f
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-