General
-
Target
990a43d16640d614c878efb810592bc94ededa121ade1938d7a42452ca5a49c0
-
Size
834KB
-
Sample
220521-cye7jshgcp
-
MD5
518f3539e8cbc09eab45e3260ceb223f
-
SHA1
53710ecaaa28ac39fab1e30c555f80adebd9125d
-
SHA256
990a43d16640d614c878efb810592bc94ededa121ade1938d7a42452ca5a49c0
-
SHA512
a0f8f2e34c808e3c48b72e0e17f2ea06544e0a07d8f3b50937884702b097e16a1da539bf0a21b932a906858c28b2a5e70c519728465b358e4bc71375da3cccce
Static task
static1
Behavioral task
behavioral1
Sample
Quotation.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Quotation.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.pengteh.com
Port: 587
Username: [email protected]
Password: am%pjs@8
Note: these are the attacker's exfiltration mailbox credentials, not a victim account; port 587 is the SMTP submission port, so stolen data leaves the host as ordinary authenticated outbound mail rather than over a custom C2 protocol.
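The practical use of an extracted config like the one above is hunting for the exfiltration channel in endpoint network telemetry. The following is an added example, not part of the sandbox report or of any Triage tooling: it takes the host and port from the extracted config and runs two checks over network-connection records, an exact match on the C2 host and a weaker heuristic for SMTP submission (port 587) from a process that is not a known mail client. The log format, process names, IP addresses and the mail-client allow-list are all constructed for illustration.

```python
"""Hunt for the AgentTesla SMTP exfiltration channel in network telemetry.

Added example. The indicators C2_HOST / C2_PORT come from the report's
extracted config; everything else (log format, allow-list, sample lines)
is constructed for this example and is not from the report.
"""
import re
from dataclasses import dataclass

# Indicators from the report's extracted config. The mailbox user is
# redacted on the page, so only host, port and protocol are used here.
C2_HOST = "smtp.pengteh.com"
C2_PORT = 587
C2_PROTOCOL = "smtp"

# Constructed allow-list of processes expected to submit mail on 587.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed Sysmon-style network-connection record layout (assumption).
LINE_RE = re.compile(
    r"Image: (?P<image>.+?) DestinationHostname: (?P<host>\S+) "
    r"DestinationIp: (?P<ip>\S+) DestinationPort: (?P<port>\d+)"
)


@dataclass
class NetEvent:
    image: str        # process basename, lower-cased
    dest_host: str    # destination hostname, lower-cased
    dest_port: int


def parse_event(line):
    """Parse one record; return None if the line does not match the layout."""
    m = LINE_RE.search(line)
    if not m:
        return None
    basename = m.group("image").rsplit("\\", 1)[-1].lower()
    return NetEvent(basename, m.group("host").lower(), int(m.group("port")))


def classify(ev):
    """Return a verdict string for one parsed event."""
    if ev is None:
        return "unparsed"
    if ev.dest_host == C2_HOST:
        return "c2_match"                      # exact indicator hit
    if ev.dest_port == C2_PORT and ev.image not in MAIL_CLIENTS:
        return "smtp_from_non_mail_client"     # heuristic, needs triage
    return "benign"


def hunt(lines):
    """Classify every record; returns a list of (process, verdict)."""
    out = []
    for line in lines:
        ev = parse_event(line)
        out.append((ev.image if ev else "?", classify(ev)))
    return out


# Constructed sample telemetry (not real logs). Only the first line carries
# the host from the extracted config; the third is an unrelated binary
# submitting mail, which the heuristic flags for analyst review.
SAMPLE_LOG = [
    r"Image: C:\Users\bob\AppData\Roaming\Quotation.exe DestinationHostname: smtp.pengteh.com DestinationIp: 203.0.113.10 DestinationPort: 587",
    r"Image: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE DestinationHostname: smtp.office365.com DestinationIp: 198.51.100.5 DestinationPort: 587",
    r"Image: C:\Users\bob\AppData\Local\Temp\invoice.exe DestinationHostname: mail.example.net DestinationIp: 192.0.2.7 DestinationPort: 587",
    r"Image: C:\Windows\System32\svchost.exe DestinationHostname: ctldl.windowsupdate.com DestinationIp: 192.0.2.8 DestinationPort: 443",
]

if __name__ == "__main__":
    for proc, verdict in hunt(SAMPLE_LOG):
        print(f"{verdict:28s} {proc}")
```

The exact-host rule is high confidence but brittle (the operator can rotate mailboxes); the port-587 heuristic survives that rotation at the cost of false positives, so keep the allow-list tuned to the mail clients actually deployed in the environment.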
Targets
-
Target
Quotation.exe
-
Size
774KB
-
MD5
6dd7542b5145cc3367062c8de480350c
-
SHA1
d04897139836b9492a3c5036eacac7fc41160dcf
-
SHA256
10167fec5a00f7ee3805a502684ca59887be73bc350946a0f7989080e06859d8
-
SHA512
c6c05d1be62e093ef8e5c61e034752e863b322fd546331081769809e5d24c23aa2984960ae48cd6a1f68749535063553ca57606fb27d43a28d28b3af5921e35f
-
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes and clipboard contents, and exfiltrates the data over SMTP, FTP or HTTP(S); this sample's extracted config uses SMTP.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry (the user's GeoID, typically under HKCU\Control Panel\International\Geo\Nation), a lookup commonly used as a geofence so the payload does not run in regions the operator wants to avoid.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application (registry persistence under Software\Microsoft\Windows\CurrentVersion\Run, so the payload restarts at logon)
-
Suspicious use of SetThreadContext (together with a suspended process create and WriteProcessMemory this is the usual process-hollowing sequence, used to run the decrypted payload inside another process image)
-
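The three behavioural signatures above (geofence registry lookup, Run-key persistence, SetThreadContext-based hollowing) are all recoverable from an API trace. The following is an added example, not part of the sandbox report or of Triage's own signature engine: a small detector that runs over a constructed, key=value style API trace and fires each signature. The trace format, the process IDs and the paths are constructed for illustration; the hollowing rule is deliberately stateful so that a lone SetThreadContext call without a preceding suspended create does not fire.

```python
"""Detect the report's behavioural signatures in an API trace.

Added example. The trace layout below (api=... key=... target_pid=...) is
a constructed assumption, not Triage's format; registry paths and PIDs in
the sample are made up.
"""
import re
from collections import defaultdict

# key=value pairs; values containing spaces are double-quoted.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

GEO_KEY = r"control panel\international\geo"                       # GeoID lives here
RUN_KEY = r"software\microsoft\windows\currentversion\run"          # logon persistence
HOLLOW_CHAIN = ["CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]
CREATE_SUSPENDED = 0x4                                              # dwCreationFlags bit


def parse_line(line):
    """Turn one trace line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def detect(lines):
    """Return {signature_name: detail} for every signature that fires."""
    hits = {}
    stage = defaultdict(int)   # target_pid -> index of the next expected chain step
    for line in lines:
        ev = parse_line(line)
        api = ev.get("api", "")
        key = ev.get("key", "").lower()

        # 1. Geofence: reading the configured country code (GeoID).
        if api.startswith("RegQueryValueEx") and GEO_KEY in key \
                and ev.get("value", "").lower() == "nation":
            hits["geofence_registry_lookup"] = ev["key"] + "\\" + ev["value"]

        # 2. Persistence: writing a value under the Run key.
        if api.startswith("RegSetValueEx") and RUN_KEY in key:
            hits["run_key_persistence"] = f'{ev.get("value")} -> {ev.get("data")}'

        # 3. Hollowing: ordered chain against one target process.
        pid = ev.get("target_pid")
        if pid and api == HOLLOW_CHAIN[stage[pid]]:
            if api == "CreateProcessW":
                flags = int(ev.get("flags", "0"), 16)
                if not flags & CREATE_SUSPENDED:
                    continue               # normal create: chain does not start
            stage[pid] += 1
            if stage[pid] == len(HOLLOW_CHAIN):
                hits["process_hollowing_setthreadcontext"] = f"target_pid={pid}"
    return hits


# Constructed sample trace. The last line is a lone SetThreadContext on a
# different PID and must not fire the hollowing rule.
TRACE = [
    r'api=RegOpenKeyExW key="HKCU\Control Panel\International\Geo"',
    r'api=RegQueryValueExW key="HKCU\Control Panel\International\Geo" value=Nation',
    r'api=RegSetValueExW key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" value=Quotation data="C:\Users\bob\AppData\Roaming\Quotation.exe"',
    r'api=CreateProcessW target_pid=4120 flags=0x4 image="C:\Users\bob\AppData\Roaming\Quotation.exe"',
    r'api=WriteProcessMemory target_pid=4120',
    r'api=SetThreadContext target_pid=4120',
    r'api=ResumeThread target_pid=4120',
    r'api=SetThreadContext target_pid=3300',
]

if __name__ == "__main__":
    for name, detail in detect(TRACE).items():
        print(f"{name}: {detail}")
```

Requiring the full create-suspended, write, set-context, resume sequence on the same target PID is what keeps the SetThreadContext rule from firing on debuggers and some runtime internals that touch thread contexts without ever writing a foreign image into a suspended process.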