General
Target: fe4c31f5c692b0116431ee5679807971a19d89a2faab54e7c2864f16639458e2
Size: 448KB
Sample: 220521-nx9kjsecf3
MD5: 66181e5843d30fb5da65714595505b35
SHA1: 4a2804d186e4a4696162397dbd722759f30fa44b
SHA256: fe4c31f5c692b0116431ee5679807971a19d89a2faab54e7c2864f16639458e2
SHA512: 845997fb7cc9c34efbf9e783fb024ca953ee3f00683f2a37af73be3d43e72453a5a7b443295d333f4b123a892d3eff7756c19145d7164ba48ab7292318905164
Static task: static1
Behavioral task: behavioral1
  Sample: Quotation.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Quotation.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: maka@wanchuangda.pw
  Password: mmm777
Targets
Target: Quotation.exe
Size: 858KB
MD5: 78832f031eac50fc85ad33b10ab20c84
SHA1: 3c33ff149fd9fdbdea22abb85bd84e6ba99e0a32
SHA256: 8f29462204ac0f3027f813dc6203a09864d9e54c2de340dfcc2b47d9969bda5d
SHA512: f17de17e828c7aacd7418a214bf679be9604d06ae0ee7af8a2a595dcdb3bfb8ca260b5c22cd02c8be42cadf33c978377f59ae1736b9ffadaec7c46c2c142f9f0
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext