General
Target: 34287793771e6f5b0c9355f2f0aeb27baf70f938734b4089539806c0810046b8
Size: 415KB
Sample: 220521-nxhrtshdbn
MD5: f7f7421f255d2a32519fd86f7cbd8645
SHA1: 2199891fa11db6d862ec7189df19f3862b6a0278
SHA256: 34287793771e6f5b0c9355f2f0aeb27baf70f938734b4089539806c0810046b8
SHA512: 4bb1dd8203f6534fbcfc2b25a5378d9c7bf192719f981cf7c5b17fdfa28905ba4ce0bf73ae428e4a1bf8d1b7a34b026617d6945afd50217b84190994c1814252
Static task: static1
Behavioral task: behavioral1
  Sample: Quotation.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Quotation.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.uae-messefrankfurt.com
Port: 587
Username: rudolph.anand@uae-messefrankfurt.com
Password: junior080
Targets
Target: Quotation.exe
Size: 722KB
MD5: f6073735af5726c758e4446b79aa1f8d
SHA1: 1a44f6dd76dc532345612e7a4da89ef242083407
SHA256: 2d863af0251409bf029443b1981194470a72aafede60137d6c88d32773e39bc3
SHA512: b471632c898997aa00c7e881efedd0f800fedd0ba8066e2ed0408acf2cf70bcb04813789228e85b857a845876a87acd68a5657bce1d2b55a89ef20ee9600dde3
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext