General
Target: 3d5cfd10e6b587733feb6cf44a0f95cad7a9bdece6d2f4f39010a35a71740335
Size: 835KB
Sample: 220521-azc3gaeacm
MD5: 24d848311bb1fcc97d62dec2da8a6282
SHA1: 6739b11be1410bbbda58859488ada65dc09cc39c
SHA256: 3d5cfd10e6b587733feb6cf44a0f95cad7a9bdece6d2f4f39010a35a71740335
SHA512: 15c6f5ba1bf070470ea9ceade3363f0501ac14deda902d38177077e67037b43a03a8bd3ef8d14a4ff382b7e4eea6a7ad21e89a415327f0d0cd2ca9747c9db8ef
Static task: static1
Behavioral task: behavioral1
  Sample: QUOTATION.r00.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: QUOTATION.r00.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.framafilms.com
  Port: 587
  Username: [email protected]
  Password: lister11
Targets
Target: QUOTATION.r00.exe
Size: 1.0MB
MD5: 1fa82367e6566b2f3a6b600cad030c44
SHA1: 59c724ad18b95c55a18c58022183c51eec572049
SHA256: 7d5613b39d0a6e9022304e17d360d351b04fadd2cebb8e24ae203bd8eba32196
SHA512: d53c9502c35a313bc8c7d24022c383a2038c8180937dfd7acb990348c331d44a099f5d841147297fb7ccf31925e2707930807eef28a105e06915417a6234d6fd
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext