General
- Target: ee07f6370ede7ad99079e7ec624cac5823d451ce5529496af366fda7e554f6d7
- Size: 421KB
- Sample: 220521-cbst5adeg2
- MD5: 225066a6a1fcd8b9e6dd44019a32d72e
- SHA1: fbbffc0c72efba93fa1e3825c7814e68d89fec60
- SHA256: ee07f6370ede7ad99079e7ec624cac5823d451ce5529496af366fda7e554f6d7
- SHA512: 5ccb726c1fff82d895b085a786060d0f8864ad23a7a6b5d57d9613ac43acd09edef365e3bad09b2d86765cb237e8a7b4ba44ab0a8e54ede64891abac4fd1a27d
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Quotation.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: Quotation.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.scandinavian-collection.com
- Port: 587
- Username: [email protected]
- Password: kR6d.DFet#7w
Targets
- Target: Quotation.exe
- Size: 467KB
- MD5: e1a68793a7d62a16837c95b2cc38da0e
- SHA1: a239f2c748725a001efff71c5126af68f1bd9fc4
- SHA256: d3ccfc7eefe685bc703f2975cde7560c851f7e28f8fac127baf54b24ede4ca91
- SHA512: 4d3b781ffe5dff71a4fb5a3f081b25c4efc625caf17b52c07c8e1d6a41028b7f38354b55acb0eb8a1b1bf231aa6feba602b25aae4075c932f23f6dab74e906ee
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext