General
Target
774ff9d217784b71e2223d3e93fc6bb12ea9e58bd9370c6d5c613a2e8b056806
Size
511KB
Sample
220521-nc1f5sgfal
MD5
18028774ff3edbd58cd1576bd6c82be0
SHA1
fe252949ef8890698af81ff72e333dab9f795c11
SHA256
774ff9d217784b71e2223d3e93fc6bb12ea9e58bd9370c6d5c613a2e8b056806
SHA512
423dcabf86416907eab1a44930f7ebdf4d6f8933857a602741c36152d932c16ad2ead1331458907c96c26b457594bf2bb846a2e7edaa7ebfed236c2322b810e3
Static task
static1
Behavioral task
behavioral1
Sample
Quotation & Sample.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Quotation & Sample.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: razilogs@razilogs.com
Password: anyanwu3116
Targets
Target
Quotation & Sample.exe
Size
552KB
MD5
2a6d5dd34b4a2b1edcb23d6c3bfc2e2a
SHA1
c4bf7dff26839535a7f63d591eb1c72a5b037218
SHA256
3234f22d73087d0a3b9e73a6a1fdd5db4493e2f5f1b1f832bc56119752368744
SHA512
a7ac560c079022a449b4f73c4c46f2019e9779cf95341f1a8c0a6c2265b115895a166bc41021edb33b0fe99c2048a6fb2611335167e67757000d8a8f550555fb
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext