General
- Target: 098542eccef1c9a19b87decfb6f6372ae1b41155836f90f16a876ae46256acb6
- Size: 1.0MB
- Sample: 220521-m9qsjadcg2
- MD5: 1b8bdbcb7a232d8aed8cad50812fc5a5
- SHA1: f8bcdb6634748d04f6a8d859e8a7f527eb2b4fb5
- SHA256: 098542eccef1c9a19b87decfb6f6372ae1b41155836f90f16a876ae46256acb6
- SHA512: 89292d9a67ffe12afcee42a2dfe1073df4d8710c95e3d4d0fc1782a74db3d5a52eb10f6fdcdd5bd79bbdf8ac2da84b70167da1b8bcedefb54f1fe292b3f016cf
Static task: static1
Behavioral task: behavioral1
- Sample: Quotation United Trading.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Quotation United Trading.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.mse.com.cy/
- Port: 21
- Username: bugattimse@mse.com.cy
- Password: (tKJ.wvnN~5d
Extracted
- Protocol: ftp
- Host: ftp.mse.com.cy
- Port: 21
- Username: bugattimse@mse.com.cy
- Password: (tKJ.wvnN~5d
Targets
- Target: Quotation United Trading.exe
- Size: 1.4MB
- MD5: 33636b2c1e2808a579560b37f93b2e56
- SHA1: b1cc0777b0cdc51fd56f2e0fe290c0578e085458
- SHA256: 9a2467d92dd6c5e322439643e05041f151b6bf6e9c8c410f96fe6ab969ea8882
- SHA512: e22a29df6381870817b3960bf97237c99965ce20aea23c25de2ee7fc9dda159ce41448e817f7ebbcba7c2c350ce5444040db5e7cc958643bb4a527d6d3338a7a
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE AgentTesla HTML System Info Report Exfil via FTP
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext