General
Target: e08c0ea41598e6d9e0859fa7984e7f1f8064399d4cc8275857578eb1436543c5
Size: 430KB
Sample: 220521-ny346aech4
MD5: 5bed6d227944a44d5ef8fcdc38687b33
SHA1: 60a2fbbf9853834b8940b8d67b42fd22389bfa45
SHA256: e08c0ea41598e6d9e0859fa7984e7f1f8064399d4cc8275857578eb1436543c5
SHA512: 2be8ea44689d0aedcbae98b4e77d2ebd7151f32c6fac6e5a223aba0fdc0af958c6b2674989e4d3dd036b4dfeb63d2b09170156dbc7d641c48ea8bbc1a2e330e6
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Quotation.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: mrcvr@tronois.com
Password: mmm777
Targets
Target: Quotation.exe
Size: 802KB
MD5: b9465bb08c2cdfc40967b4ce32696ad3
SHA1: 9013b15ae374d6aa9eb33151e46725473a45d4ed
SHA256: a142c942f9a16d223b3591c321dd47b72526689fb52a883dae9952a5d53b2707
SHA512: f45c6eda8ab7cad0b252bbfb4d62467257971f78a12bcba5e99df475639ba35ddf8adc3d143c2ee1b0b8cf3ccc97fb0c4119e0082e3ec09deff61fae7ec8eb8d
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext