General
- Target: 61dbf9cc2b39be1838666e7e2edaa5667059e9813d667357d93ff4aa81ee51ef
- Size: 602KB
- Sample: 220521-pbk6haabfm
- MD5: 01801049050137f3929321da483fbcfc
- SHA1: ad7c245ef7ee9fc3c11d4421579d18fd414c5cba
- SHA256: 61dbf9cc2b39be1838666e7e2edaa5667059e9813d667357d93ff4aa81ee51ef
- SHA512: 9f044c0c72c1cd5ae67b75a0405992b09a8c45056dd11f815ae5f6d58b5788bad68d07ee7f83013393cdca2026291ce0a852440ba0949cc7c2a74da578c7672c
Static task
- static1

Behavioral task
- behavioral1
- Sample: QUOTE 2020.exe
- Resource: win7-20220414-en

Behavioral task
- behavioral2
- Sample: QUOTE 2020.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: don4@intarscan.org
- Password: !c}w0m3nCK#h
Targets
- Target: QUOTE 2020.exe
- Size: 540KB
- MD5: 21d1083d295c27ac02ac97e8b5ad08f3
- SHA1: 8b2d20b952e05651a600f5e36d95ebccc738fc97
- SHA256: 708819369d030c9ac2cca2a078e695318a8b8289ff78e50a44684761d63173e5
- SHA512: 20ba1c6c9f6cc404b33153befefa0424faabf4ea4e01e1d5bae042c9571c446f61f8f7d3f308a9f0049946bca87469d71825e1d5babf4ea9691a02e9933ae150

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is decrypted at runtime.
- AgentTesla Payload
- CoreCCC Packer: Detects the CoreCCC packer used to load .NET malware.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext