General

Target: f1deaf13217f6e0b728e9995a07db0f8a1ee3b83e606ed806d641b9c7bfd1875
Size: 413KB
Sample: 220520-3ks5cshag3
MD5: d07cb3294eceb2645df557980c983afd
SHA1: d9433922d3d8eeea67d027f04aede8d21d35c03b
SHA256: f1deaf13217f6e0b728e9995a07db0f8a1ee3b83e606ed806d641b9c7bfd1875
SHA512: e0a05d9672d30fbeaa04ebae07588173364bf169024071f27a12a6b8f876dd4a81eaae3b84e266d669d6a119222d5bfb5fe59bbd273f2cc06b408e0877d88ac2
Static task: static1

Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Quotation.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: mmm777
Targets

Target: Quotation.exe
Size: 518KB
MD5: c4b00cd74ab74bdb219e5f174764c532
SHA1: cda3ba0e81d59defb7ced807976b1a41347175cf
SHA256: 757811211cb9b67549000151e38132dabe4f0791589ca1559cca94e9993cd7cc
SHA512: 7d0f7841450fd2c26a0b15b020357c6c9913b1d69f03526967b6cf6caf5170cb1d0c83bd1abda0456a8c0864f94ad61be4372de1fb717048fb62eb820c55a1ae
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Drops file in Drivers directory

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext