General
-
Target
da0db468513004794ec95a01cc97e5bf4d76a277b7ab7fcabb47ceff6498910e
-
Size
1.2MB
-
Sample
220521-bz3tkacgd5
-
MD5
2283b7187211a55900b55bfeac799339
-
SHA1
77b05a263ab93386b7f4ae5885aabd4afef4530b
-
SHA256
da0db468513004794ec95a01cc97e5bf4d76a277b7ab7fcabb47ceff6498910e
-
SHA512
c1a71eba15fb59e20c64a5417e32601582eb387461b3d28208171e01d826065e4c20816f22b6628151e33a735d0da0fd2dda3e7ee99313bf56705df7132ffb69
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATIO.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
QUOTATIO.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Target
QUOTATIO.EXE
-
Size
502KB
-
MD5
6090c40a1022d3265f2dc7867cd533bb
-
SHA1
bc5eabceb7a959345421c536219fdbf23602e4e2
-
SHA256
bdf6444b7ff7cd5866894e61e0ccd96d61d8af22c0043df49d2adcf3659fa853
-
SHA512
b5d4bc23a7840e03eeffe1f6e5c93c81e42342bb839064607050d8f43d44aae6e51c2200a4e41cc387603ac461157341f66245808a43065090c23902d42aa08a
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-