General
-
Target
62f87cc0641f35465d2b63080fa1e8d560df4ddb453edab3a78e4578d55b0c81
-
Size
963KB
-
Sample
220521-aqm63sdefn
-
MD5
5b6ca9f92673fddcd606febb14eab9c9
-
SHA1
4c2fd35392c7ae01955ed9b3e96c3cf97a855afc
-
SHA256
62f87cc0641f35465d2b63080fa1e8d560df4ddb453edab3a78e4578d55b0c81
-
SHA512
d166e8a00312659ac1324d4c34b15e2e5cad10fed3ba2d1c67a90ab93d1cb82c7c24e6feca0c05389dba5498d9dbbea18dba40ee70f7f61accada347bae794bc
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATION.r00 (2).exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
QUOTATION.r00 (2).exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.framafilms.com
Port: 587
Username: [email protected]
Password: lister11
Targets
-
Target
QUOTATION.r00 (2).exe
-
Size
1.2MB
-
MD5
bf05079c097081e64bc96ffee3fe6588
-
SHA1
4da9c7da66aa2600c6aec67995c13da914121120
-
SHA256
b38a589a873aae6cf2bdfa37dfc8be7140e470bbc5418eb271f25f7575ee4dd4
-
SHA512
338d132a89ff987242ecd55259d4413dfeb3b12b88ba0e9922e9b93cd38f0752ff1467cb088f4e839245e40745cce796874664c437b6248c4d5b0bb562074173
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-