General
Target: 4fb6cee3d4658f6af952aed7a8a30f4be80a805a91b12e10fbda0b301807d694
Size: 527KB
Sample: 220521-n6345ahhej
MD5: 3d31d2cc611289ce5ec71ae655d6a701
SHA1: c47268bc5e3522d8dcaeaa17f88b5a9ae5917247
SHA256: 4fb6cee3d4658f6af952aed7a8a30f4be80a805a91b12e10fbda0b301807d694
SHA512: 7edd05ceb832725d1a83859adc87ee3397793f4539562c054be4617af7ea49311fdb7dcbc8b3dbf97f4893f82d2d2081975f26447fd1c549d42b710b5efd6473
Static task: static1
Behavioral task: behavioral1
  Sample: Quotation (1).exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Quotation (1).exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: [email protected]
  Password: mmm777
Targets
Target: Quotation (1).exe
Size: 615KB
MD5: be9b777561bcac8ddf57f732b4f4d48e
SHA1: 9f32b1b269678bc09f3fc11a7928d9fd333077e1
SHA256: 0535bc297732d4810fc46c783c71e160b6ac3c7cc3596dd7ffdb3606ab1b3319
SHA512: b1558692b49a8e1bb4bb2106505527043eb94d60fee3ea65820c64e27dab0327e2bbae54a14d01950917a37fad51c92d9b6f275f32aada40b4a8e75507fd658e
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext