General
Target: 470f43d3a398069b0b221abc6c08fd25f7a6fb8b67383b302e250f89d66566cc
Size: 605KB
Sample: 220521-nb29cageek
MD5: 2c22b90b0628d017110bdcc5dc560975
SHA1: c10bd9897e6502cfca46639d30a73088457bb4e6
SHA256: 470f43d3a398069b0b221abc6c08fd25f7a6fb8b67383b302e250f89d66566cc
SHA512: 497186113ef95ab321e22cddfcc1ce3f9e5dab9361b319a4c470a6f27fc2c5c68ab9d159d33e798345064ff3612214d3d79bdbada504b2b0b952b4ce5a8941a7
Static task: static1
Behavioral task: behavioral1
Sample: QUOTATION.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: QUOTATION.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.nltfy.com
Port: 587
Username: ogwire@nltfy.com
Password: Fgy!!@w0
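The extracted SMTP configuration is the most actionable part of this report: it names the mail host, port and mailbox the stealer logs into to ship harvested credentials. The following Python is an added example, not part of the sandbox report or of the sample, showing how to parse the config block exactly as the report prints it, turn it into network indicators plus a Suricata DNS rule, and run those indicators over constructed log lines. The log format, the IP addresses, the `sid` value and the `auth_user` visibility (which assumes a relay log or a view before STARTTLS) are all assumptions made for the example.

```python
"""Added example (not from the sandbox report): extracted AgentTesla SMTP
config -> IOCs, Suricata rule and a log matcher over constructed events."""
import re
from dataclasses import dataclass

# The config exactly as the report prints it, line breaks included.
RAW_CONFIG = """Protocol: smtp- Host:
smtp.nltfy.com - Port:
587 - Username:
ogwire@nltfy.com - Password:
Fgy!!@w0"""

KEYS = ["Protocol", "Host", "Port", "Username", "Password"]


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(raw: str) -> SmtpExfilConfig:
    """Parse the report's 'Key: value - Key: value' layout. Line breaks are
    collapsed first; each value is captured lazily up to the next key so
    punctuation inside the password survives; the last key runs to the end."""
    flat = " ".join(raw.split())
    values = {}
    for i, key in enumerate(KEYS):
        if i + 1 < len(KEYS):
            pat = rf"{key}:\s*(.*?)\s*-\s*{KEYS[i + 1]}:"
        else:
            pat = rf"{key}:\s*(.*)$"
        m = re.search(pat, flat)
        if not m:
            raise ValueError(f"field {key} missing from config")
        values[key] = m.group(1).strip()
    return SmtpExfilConfig(
        protocol=values["Protocol"].lower(),
        host=values["Host"].lower(),
        port=int(values["Port"]),
        username=values["Username"].lower(),
        password=values["Password"],
    )


def iocs(cfg: SmtpExfilConfig) -> dict:
    """Network-observable indicators only. The password is deliberately left
    out: it belongs in the abuse report to the mail provider, not in rules."""
    return {"host": cfg.host, "port": cfg.port, "account": cfg.username}


def suricata_dns_rule(cfg: SmtpExfilConfig, sid: int = 1000001) -> str:
    """Alert on a DNS lookup of the exfil mail host. sid is a placeholder in
    the local-rules range (assumption); choose one free in your ruleset."""
    return (
        f'alert dns $HOME_NET any -> any any (msg:"AgentTesla SMTP exfil host '
        f'{cfg.host}"; dns.query; content:"{cfg.host}"; nocase; endswith; '
        f"sid:{sid}; rev:1;)"
    )


# Constructed log lines (not real telemetry) in a simplified one-line format.
LOG_LINES = [
    "2022-05-21T10:03:10Z dns  10.0.0.12 q=smtp.nltfy.com a=203.0.113.45",
    "2022-05-21T10:03:11Z conn 10.0.0.12:49812 -> 203.0.113.45:587 sni=smtp.nltfy.com",
    '2022-05-21T10:03:12Z smtp 10.0.0.12 auth_user=ogwire@nltfy.com subject="PW_user/WIN10-PC"',
    "2022-05-21T10:05:00Z conn 10.0.0.12:49820 -> 142.250.80.10:443 sni=www.google.com",
    "2022-05-21T10:07:30Z conn 10.0.0.33:51002 -> 198.51.100.7:587 sni=smtp.office365.com",
]


def match_logs(cfg: SmtpExfilConfig, lines):
    """Return (line, reason) for events tied to this config. Port 587 alone is
    not an indicator (the last line is ordinary Office 365 submission), so the
    connection check also requires the C2 host name."""
    hits = []
    for line in lines:
        low = line.lower()
        if f"q={cfg.host}" in low:
            hits.append((line, "DNS lookup of exfil mail host"))
        elif f":{cfg.port} " in low and f"sni={cfg.host}" in low:
            hits.append((line, f"submission to {cfg.host}:{cfg.port}"))
        elif f"auth_user={cfg.username}" in low:
            hits.append((line, "SMTP AUTH as the attacker-controlled mailbox"))
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(iocs(cfg))
    print(suricata_dns_rule(cfg))
    for line, why in match_logs(cfg, LOG_LINES):
        print(f"{why}: {line}")
```

Running the script flags the DNS lookup, the port-587 connection to the C2 host and the AUTH as the attacker's mailbox, and leaves the Google and Office 365 traffic alone. Note that the mailbox credentials in the config are the attacker's, so the right use of them is an abuse report to the provider and a block on the host, not a login.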
Targets
Target: QUOTATION.exe
Size: 740KB
MD5: 1fd0c7b4aff9bd81a9275f4e4b0e672a
SHA1: d2397f32a9b072daf2f8266b189c523137bdd924
SHA256: 269770044a2b90764179e7d03229a3977e6034257d036c9f3d977803107f8b24
SHA512: a4a12e6b2b3d86d28025e545f82a308cd3a7712835d8d193e23db4cc9b3f31a1aea6af896b6af3c37e350702cc85ab87fac678d021eb59d5da36536f76294ff4
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in VB.NET. It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP(S); this sample is configured for SMTP through the mail account in the extracted config.
AgentTesla Payload
Accesses Microsoft Outlook profiles: reads the Outlook profile keys in the registry, where stored mail account credentials live; this is the credential-harvesting behaviour that produces the data sent over SMTP.
Suspicious use of SetThreadContext: calling SetThreadContext on a thread of another process is the final step of process hollowing (RunPE) injection, where the image of a suspended child process is replaced before its main thread is resumed. In practice this means the 740KB QUOTATION.exe is a loader and the AgentTesla payload runs in the hollowed process, so memory-based detection should look at the child rather than the file on disk.