General
-
Target
dca810543f646cfc56ded40f9c15d47d4a0eb6dbcd09578193c3d12c08e8188f
-
Size
489KB
-
Sample
220520-3pms5scbfq
-
MD5
75a6623ab5ae65a439bdc8ce0e447c67
-
SHA1
163476a5125246e3709eb0cfc0838b2eaf3619d2
-
SHA256
dca810543f646cfc56ded40f9c15d47d4a0eb6dbcd09578193c3d12c08e8188f
-
SHA512
3cbe49d84e17876fee8b899a03ab28e6845c5cb8a1b7e859198476932e7887d2ade7a7fdd76d5d7ad836e82faa0adc5d9db36cb4df743f076fbc06cc29292f82
Static task
static1
Behavioral task
behavioral1
Sample
quotation.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
quotation.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.pharco--corp.com
Port: 587
Username: [email protected]
Password: (UxyAlp7
Targets
-
-
Target
quotation.exe
-
Size
601KB
-
MD5
c28e411d66d49853c4044f7f423fa950
-
SHA1
dc78c53301fb2ecdd6a5b2dfda46827b5aebdf96
-
SHA256
02aff20f4937dc1eca8940292d169147007a41b0589cd34d04a3ece9519b5125
-
SHA512
c9cf743bfa786186306aa8fa4d483df57d7c5f29dd62653b79fb179cb0d96f72bf0746104eb38ded1a9664f97352f8fa0ab4823b84c8128cdaed5c5767671a29
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-