General
Target: 9aa0e0096068ea31b521494e00b2162d998fbb2dd8e96f46df27475d39c15ae6
Size: 431KB
Sample: 220521-cx13mahgbl
MD5: a6631bbb0a9dd17f4b2a21009a769634
SHA1: a2028d0b42ec455155a2985935c93a6c59ee1c31
SHA256: 9aa0e0096068ea31b521494e00b2162d998fbb2dd8e96f46df27475d39c15ae6
SHA512: 1fc1828a228a9f7aff76a90f449ce48b7dab0e765e1b120290b84c04aaa822b9f9325e9d19ff1769a2370b950a67d79db06cad09e3ba17ffc1ae479966bd8e53
Static task: static1
Behavioral task: behavioral1
Sample: Quotation details.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Quotation details.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: chikaaka1
Targets
Target: Quotation details.exe
Size: 522KB
MD5: ff05fda8782a53decebe9730898d658c
SHA1: 58799969a2e94c7db4c20ea35e8e24a1e17ae38b
SHA256: c0de7f1d595e6c5237f2d30f48bd2de0f964dd15f56a93a41b8de1c8d7e9bb19
SHA512: 55f8e0bd818f1a45b5cea546ae61d0c6071540eba8a5b2eef57ba73f787fcd4adeecf98327e14df9ede7100ed328980fa4d19cae4ba1f627b1d588ad8520524b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext