General
-
Target
Quotation.zip
-
Size
367KB
-
Sample
221126-lqhgdabf4t
-
MD5
4284b3b5164b8df48631c9cf87d19e2d
-
SHA1
f9bb4720fe25707c8f27e4599dc6feb220933fb5
-
SHA256
f66dd0ab944c5482c3ac75506795bdb9ad1b849a4ab4667b53e02ea7f933f994
-
SHA512
88c95ed6d6802a855ae878b25a2de42f43f53c80169e3d8bdbab2661c23de4b863ae81349f01a693a91cf25b330e785d819b997e8ae2523adbe4db235f80435e
-
SSDEEP
6144:vq0ui5+qifCUmelJQEOBIUE4QiF33Zgx4nwy5Wo4kaZL5+4+381H8W8:vxH4JQTqUnQiF3J84pgou+a1cd
Static task
static1
Behavioral task
behavioral1
Sample
Quotation.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Quotation.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.svcnc.com
Port: 587
Username: [email protected]
Password: Krupashine@6791
Email To: [email protected]
Targets
-
Target
Quotation.exe
-
Size
482KB
-
MD5
74413d410ade63316e64fd13643c5472
-
SHA1
e799abf182ebbda566506ab24d1c3291d2b5045c
-
SHA256
a8db61754cfe3eb3cde12a63eadb0631b3437bbbe05bb9c1bbf7d3f4af31a56d
-
SHA512
46278aecc22bfcb435f3463f8fccef1e9a11ee029f80f071f313033cd5c8e0f2939caba6a554797c217b7afc0f11f96e5dd6a29a72706696d848c976c31fcbcb
-
SSDEEP
12288:3gJKPIrufvlcmVUZ7DkosENw2xyVbzUh/e237lEXO52I4mYF+:3sKPmql7VUZ7PsECxXi2s4
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-