General
Target: 9e868e8ca1eed3c4ca4229e52af1b993aaf489df8f1728bd288121721b7a632e
Size: 526KB
Sample: 220521-b1mtqsfhbr
MD5: e489d069c9516cc382aede1c0dc5b1e0
SHA1: e930c0491026b361f1eec2a9cba5ad15dd0932b1
SHA256: 9e868e8ca1eed3c4ca4229e52af1b993aaf489df8f1728bd288121721b7a632e
SHA512: 6ba8cd3b52c8c71a09e3ebb8b8321bd6237dc4b92c1fd2670cab5f1c8b41a26b780918c23d8abb5893e3732df99f5b9919556f5b7e24bd9ab47933e3437fc06e
Static task: static1
Behavioral task: behavioral1
Sample: Quotation Request.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Quotation Request.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: atn-com.pw
Port: 587
Username: [email protected]
Password: ox0gGWSA
Targets
Target: Quotation Request.exe
Size: 465KB
MD5: 2cf2668590449c1d421d1e3919c7fcaf
SHA1: cd70589ef97de9720eda48a298840536a576ccd4
SHA256: 2a508f9cc9936cdfa3004c6b5c05103197846e605f36bed514fe599d31ecb7c8
SHA512: 297936741ab476bd3372577af3c920f8fcf89d8ef93945ebcdd89eb21b146c834c1db6bc9c5a408b550a61b7791fac6ae6e901f054d6058d43be97a92e208746
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext