General
Target: 96a7836a898703bb0edc690e4b1e0cb0cb476a9d44119beb2d6632d2ab1681e2
Size: 391KB
Sample: 220521-cyzwysefh5
MD5: a0ef54b786cf14d2972f5f5e33fb2380
SHA1: 7990df075d4602b8e3308870e754eb071f27ce72
SHA256: 96a7836a898703bb0edc690e4b1e0cb0cb476a9d44119beb2d6632d2ab1681e2
SHA512: aedf54277d3e098bb33e5e3a343992c113494635dde0d24fbce68d66ee87a1249ae82b306e0e535822b8d990135596b8d145358cde416f0d4bfb619182af0251
Static task: static1
Behavioral task: behavioral1
Sample: Quote items.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Quote items.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: chikaaka1
Targets
Target: Quote items.exe
Size: 441KB
MD5: dde1cdfb08c1c0fd3f69c650cb03435a
SHA1: b7dbefa0c862d77c2108a6c01d089e379faa68a8
SHA256: 37650971aafbc0b2bdaf04deb8a85da39b4294bad04e9542133768ad85630ee6
SHA512: 5b46560354fc4aa4cabee9d62e007fe35359cb20fdf60c6b313f03359f27fb0d4ff7e84daa2426faa33f47431020fb8341fd38628f0f85cb48ff38efb7d10a42
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext