General
- Target: 5c144627697438d385f2fe493ece0aa8edf19e106d195595f85f863b91c7a6bb
- Size: 373KB
- Sample: 220521-b4nkfagaem
- MD5: 70db7ce65a90d73ba6457e593c35ea44
- SHA1: 720e76524ec4ab96fe69b1e64cee2508942228d5
- SHA256: 5c144627697438d385f2fe493ece0aa8edf19e106d195595f85f863b91c7a6bb
- SHA512: 6c88c4972d50debbb06cbb625507bfba6cba17b533851fd03df8db67f3d7c797530065377f876abb23780b92d67514641a14fce1a1b35db8e6c9fef062813574
Static task: static1
Behavioral task: behavioral1
Sample: Stone Quotation.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Stone Quotation.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.chenklins.com
- Port: 587
- Username: [email protected]
- Password: VBRSv_r)C~mM
Targets
- Target: Stone Quotation.exe
- Size: 565KB
- MD5: 75346fc05ce9a0921add66bfe01fb2e2
- SHA1: c833b6d3d6daf09ba2bc456157aac5c517dc3895
- SHA256: 6bfaed4b195fabe34d859307606ab45f4be80702d73e60efce3147b3a75d48f6
- SHA512: afe384255acaa52130aaf690be1743edc38e3dd4da63443c4190c34bd9176b1fd35f8cf286f7944ba5ad9698e61ec0fdecaba993e1f98acd4069e68479d3e455
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext