General
- Target: a5cd8ca939d65665cbc56803ae529488fb4df5811682158dabc57d4a95e4455d
- Size: 644KB
- Sample: 220521-aaj5gshhd9
- MD5: a1ddc26c4ff2cca5032ebe43e6bbb898
- SHA1: 6e8f2c232f3e7de6e86890057abb68c6071ae95e
- SHA256: a5cd8ca939d65665cbc56803ae529488fb4df5811682158dabc57d4a95e4455d
- SHA512: a2076515a3f53d9b2301fa98a080c24d9fb4b10c400246a0e79d7e1f7c512ee5a7005f2a431213c50aa0b62816c25340934e5a8af6b34ca3277f0f841a517fc5
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Revised Quotation Climax.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: Revised Quotation Climax.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: [email protected]
- Password: 71c7eb1f8baa88
Targets
- Target: Revised Quotation Climax.exe
  - Size: 582KB
  - MD5: 6e1cd36b3d427765d30394a961907473
  - SHA1: 777bc442f8badc30d242bcaa8d6f5ea2acc3f657
  - SHA256: 6ef4857528ebdf69a08e1b525532c5cbd8e31216cba7a2e8be432cc7c3849123
  - SHA512: 95e08daaaf0e75929dc52cb554771780d40bdee80c39b4172bb88c4ca5ad29c3c79c951c60ffd981bbc463c5684bb422a6d2a4e0109cc25d1c2351ff7553e3cd
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext