General
Target: 8c9bf414f06a7ce76ec475a57c8e4cb2ddfc11474992fd3b8b166fb7e8b0b345
Size: 1.2MB
Sample: 220521-b1rspacgg7
MD5: 17e8a7c88c427e5257cfcf9a6e082bcb
SHA1: 8850ac9e8aa3538b6fcf58d6e6da509054f35fd1
SHA256: 8c9bf414f06a7ce76ec475a57c8e4cb2ddfc11474992fd3b8b166fb7e8b0b345
SHA512: d442370ab80d1a6ea8a424645893fad7379011e91ff03c28c701d11569ee4dded98348365d7c287561a54dcd0bbc5052c67bbd3d36ae00e59220230b4606f08e
Static task: static1
Behavioral task: behavioral1
Sample: QUOTATIO.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: QUOTATIO.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.kz
Port: 587
Username: gartechglobal@yandex.kz
Password: godisgood82?
Targets
Target: QUOTATIO.EXE
Size: 500KB
MD5: 9e29ad54cc1cfa6c7a87eeb1fcd24cb8
SHA1: 29cd0cf8b787b74ba5889a4db7a66d6d154c2f6f
SHA256: 5f9712f84760ef966523fe1c9da1730d66a75f3c2bf035445b19cb3890442100
SHA512: 38006ce68b9d304ff7ce16c612715c4e2149e071d6b387aec6d682fff222d759ae8f063b3006c78f7d24a958962ca700e630b391adeb8ff9b0d23e3ad6298183
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles