General
Target: da50414898c1f3e0695f76d0a2cacf3f115be131f14bb7116166a18e0e72a3a1
Size: 514KB
Sample: 220520-3p1d8shcf4
MD5: 5b5380f4d2705cf100308ca31d372a1c
SHA1: 893ef07dc294ec775e923ffbf85d4b86b94ed293
SHA256: da50414898c1f3e0695f76d0a2cacf3f115be131f14bb7116166a18e0e72a3a1
SHA512: 1f93326be6026fc8d850ed062369401ba33e44e6b137366084ad8809f6a41141a2a2e7690a887d74d47dfb98b7d183136fafffe15b37a274f96d01bb4d8b2bac
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Quotation.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.pharco--corp.com
Port: 587
Username: [email protected]
Password: (UxyAlp7
Targets
Target: Quotation.exe
Size: 664KB
MD5: 696260d24d95600b8cd389cb2ee54c2d
SHA1: c54e65a08351fb32621371db9b19e569c1a4477f
SHA256: 6972fcf47a2db0c5ce7cd905bd12cbbc5155e98f57e1362a8b1a3c94177a2419
SHA512: 747db4c4c2c34038fb4103fa10a237350cfd8990604322c57fcf99f05fed4a13b2e8f0ea4dfef3709cd0aa4a7ba99d025247523b5e6552ec3a82ffef01a2d1b5
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext