General
-
Target
9c97b3875f9ae3d3e19bd4463dd1e848afed5dcd78ae9951c8cf72cc25d28864
-
Size
431KB
-
Sample
220521-bkcc3abhh6
-
MD5
05f363a812190a78314556b1ec76826a
-
SHA1
ad73c555db944ba00f0545ecbebe84f89d9715bb
-
SHA256
9c97b3875f9ae3d3e19bd4463dd1e848afed5dcd78ae9951c8cf72cc25d28864
-
SHA512
2e506ca8778513dddf8f232883006ef7221ed92ea1356579f8758a8c138135d916003405b6fdb674e1823d93b9a774e83ccabf64a1618859804fe5ee1f7ca10f
Static task
static1
Behavioral task
behavioral1
Sample
LDR Quote - 014.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
LDR Quote - 014.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: Mix2lower12?..
Targets
-
Target
LDR Quote - 014.exe
-
Size
804KB
-
MD5
eb909348dd9474bd37ff32c9e314e617
-
SHA1
6c1bad83c65120f65477f5c7c2f92e313d9a707b
-
SHA256
f3ef6817953ca158c6659bc08c6bbcc27f834a7143426910383e79030109fd2c
-
SHA512
9de7fb1c3be177a9d7a471578fa969fe11562b639b835c672620b6cd061b7f2a2096f8b83bde5f1c8ca01d467ac1f795f3d82cccdb27954ad99bcc1fcc509de5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-