General
-
Target
9cea2e32460f99229006310980272e87fe8a5f21a046cb286fadd6a26c664b77
-
Size
394KB
-
Sample
220521-cxhlaaefc3
-
MD5
63e123e17d7ca86820a212d175ad9bb3
-
SHA1
c80dac21ccd694f7353277145cdf3aa0c0825835
-
SHA256
9cea2e32460f99229006310980272e87fe8a5f21a046cb286fadd6a26c664b77
-
SHA512
608a5b1a252c400476185bb9ebf4744d077c610c4a58e06146b5e5c938c4c51c5ddfd823571ee36934b5f99fa863f439f36450fc8162bccb3cdd15e9f143f200
Static task
static1
Behavioral task
behavioral1
Sample
Quote Items.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Quote Items.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.bapipl.com
Port: 587
Username: [email protected]
Password: Bharat123
Targets
-
Target
Quote Items.exe
-
Size
441KB
-
MD5
5bb2397a559d359ae117f671048fa209
-
SHA1
2b37e1a17b9bf52928e5254a5c473221f50438b0
-
SHA256
ee84542a7345a20be96449b190580d2f0ef359753358339d30f0b1dcd4bec7f7
-
SHA512
bed54da25e45d3b8383f685e086ca81dd8475f824dcebfe856b3e1be995c7c3236907d955b0673925ffeb9ecb22768af18faef3fb0d9ae89fa810edb3e9e3405
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext