General
Target: 9adbbfe1beaaba795f650b0a9517eec1abfe1eb9c10dbfb14ab392b85ee77f48
Size: 427KB
Sample: 220521-m4zhgsgbcl
MD5: 030d2997c96fb880207e8ddcdccf852a
SHA1: d9257f172774a1cfdd7458c09b11273804c6ceb0
SHA256: 9adbbfe1beaaba795f650b0a9517eec1abfe1eb9c10dbfb14ab392b85ee77f48
SHA512: 6d063a3706cb83c0ed42397139f0db4dc3f8c9404a5edb1628267a36579cfb47f8f4592f74ea01da03625ff8907e2536aa09e25ff86147eb3289e2c28b33f124
Static task: static1
Behavioral task: behavioral1
  Sample: Initial Quote.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Initial Quote.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.exomnobil.com
Port: 587
Username: [email protected]
Password: Control84@
Targets
Target: Initial Quote.exe
Size: 679KB
MD5: a70439c6c4805c87ab2a19538aeb5779
SHA1: e98e9a660049f6663471bb3fa6218665ff77e34e
SHA256: a62a90789d488d851050ad121400c40bdcbad55ff7acedca829edff301b0342d
SHA512: 8a3716ccdd0ba93a7972499c19ea7e8c6aa024f4aa92fc51be5fa7a7743bcc146b75377646fad1cfdbfa3ae671b908ea1f23ab525682f26cb29879538cc27ebc
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext