General

Target: fa6ab308ac8aba1c5637edf43e54181372e59dd943390d49e01a4a50862d2f02
Size: 728KB
Sample: 231205-vxfqssdf55
MD5: 6e92a45a193ddde406df4a5df3292f44
SHA1: 758dbe2af500b0cd7e35b6c35633826b31256853
SHA256: fa6ab308ac8aba1c5637edf43e54181372e59dd943390d49e01a4a50862d2f02
SHA512: 7c40acdd51d65f87ab7b83d03b1fddeca4517d45cdf516c3a0c79d9a4ae37efd47da5158d79fb9259357874b537d8c48bb4226f6c76dd88b69ca12be315d72f0
SSDEEP: 12288:PdJh1ej1hPtBQkQ+Y3y56b2CzqTVwq+xfPvAm/NXU6PyrfKU6C0+SmLcsAp+8h:1z1ahPtqkLEb2COZr+xfPv1/NXT46dUI
Static task: static1

Behavioral task: behavioral1
  Sample: Quotation.exe
  Resource: win7-20231201-en

Behavioral task: behavioral2
  Sample: Quotation.exe
  Resource: win10v2004-20231130-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.gimpex-imerys.com
Port: 587
Username: [email protected]
Password: h45ZVRb6(IMF
Email To: [email protected]

These are the exfiltration settings recovered from the sample: stolen data is sent as mail through the listed SMTP host on the submission port (587) with the listed credentials, addressed to the "Email To" mailbox. The mailbox addresses are redacted in this copy of the report.
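An added example, not code from the report or from Agent Tesla: it parses the extracted SMTP config in the run-together form Triage renders it in, turns the host and port into indicators, and correlates them against outbound DNS and connection logs. The log format (key=value lines with a type field) and the sample log lines are constructed for the example; the config field names are the ones the report prints.

```python
"""Parse a Triage-style agenttesla SMTP config and hunt for its exfil
traffic in DNS + connection logs (constructed example, not report code)."""
import re

# Field names Triage prints for an agenttesla SMTP config (from the report).
_KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
_KEY_ALT = "|".join(re.escape(k) for k in _KEYS)
# "Key: value" pairs joined by " - "; the dash may abut the value ("smtp- Host:").
_PAIR_RE = re.compile(rf"({_KEY_ALT}):\s*(.*?)\s*(?:-\s*(?=(?:{_KEY_ALT}):)|$)")

# The config block as the report renders it (mailbox addresses are redacted there).
CONFIG_TEXT = """agenttesla
Protocol: smtp- Host:
mail.gimpex-imerys.com - Port:
587 - Username:
[email protected] - Password:
h45ZVRb6(IMF - Email To:
[email protected]
"""

# Constructed logs: one workstation resolves and contacts the exfil host, a
# second host only reuses the resolved IP, a third talks to a different mail
# server on 587 (legitimate submission traffic). Documentation IP ranges only.
SAMPLE_LOG = """\
ts=1701767501 type=dns src=10.0.0.12 query=mail.gimpex-imerys.com answer=198.51.100.23
ts=1701767502 type=conn src=10.0.0.12 dst=198.51.100.23 dport=587 proto=tcp
ts=1701767540 type=conn src=10.0.0.12 dst=192.0.2.80 dport=443 proto=tcp
ts=1701767600 type=dns src=10.0.0.31 query=mail.example.com answer=203.0.113.7
ts=1701767601 type=conn src=10.0.0.31 dst=203.0.113.7 dport=587 proto=tcp
ts=1701767650 type=conn src=10.0.0.44 dst=198.51.100.23 dport=587 proto=tcp
"""


def parse_config(text):
    """Return {'family': ..., 'Protocol': ..., 'Host': ..., ...}.
    A first line without a colon is the family label; the remaining lines are
    joined and split on the ' - ' separators between key: value pairs."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cfg = {}
    if lines and ":" not in lines[0]:
        cfg["family"] = lines.pop(0)
    for key, value in _PAIR_RE.findall(" ".join(lines)):
        cfg[key] = value
    return cfg


def indicators(cfg):
    """Network indicators derived from the config: exfil host, port, protocol."""
    return {"host": cfg["Host"].lower(), "port": int(cfg["Port"]),
            "proto": cfg["Protocol"].lower()}


def _kv(line):
    return dict(tok.split("=", 1) for tok in line.split())


def scan_logs(log_lines, ioc):
    """Flag DNS lookups of the exfil host and, using the IPs those lookups
    returned, connections to them on the exfil port. Lines must be in time
    order so that a resolution is learned before the connection that uses it."""
    resolved = set()
    hits = []
    for line in log_lines:
        if not line.strip():
            continue
        rec = _kv(line)
        if rec.get("type") == "dns" and rec.get("query", "").lower() == ioc["host"]:
            resolved.add(rec["answer"])
            hits.append({"ts": rec["ts"], "src": rec["src"],
                         "reason": "dns lookup of exfil host"})
        elif (rec.get("type") == "conn" and rec.get("dst") in resolved
              and int(rec.get("dport", 0)) == ioc["port"]):
            hits.append({"ts": rec["ts"], "src": rec["src"],
                         "reason": f"smtp to {rec['dst']}:{rec['dport']}"})
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    ioc = indicators(cfg)
    for hit in scan_logs(SAMPLE_LOG.splitlines(), ioc):
        print(hit)
```

Because port 587 normally carries STARTTLS, the AUTH credentials and message body are not visible on the wire; the host name (DNS, or TLS SNI if your sensor logs it) and the resolved destination are what you can match on. The 10.0.0.31 session to mail.example.com:587 is deliberately not flagged: a rule on "any workstation to port 587" would catch it, but also every legitimate mail client, so the host-derived indicator is the precise one.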
Targets

Target: Quotation.exe
Size: 811KB
MD5: 12ce994a7771f557860a1dd0a6d7fa86
SHA1: 02fb55374e6fcc35838a86f61be0d1777c5b0ce1
SHA256: 34cd5a3fe4b96b4fd09ec6ea72ee1cd3924d5a69cd1a27c894c44cc705e6b5f8
SHA512: 6938c6c7a02b0260fe96563e36b438729b4a0251f59c5a74e1ea0bb845773ec3e6b5c88626984288b84088084c904ffd7f717655d7244bee03449d24b36f6302
SSDEEP: 24576:o34/up+pJcQ52CON7+xxPBeGVWtbU5N7:o38PJyN7+xWMWtIj
Score: 10/10

Signatures

AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic .NET. This sample exfiltrates over SMTP using the credentials in the extracted config above.

Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check so the sample can avoid running in particular countries.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the usual final step of process hollowing (RunPE): the payload is written into a suspended process and the thread's entry point is redirected to it. In an Agent Tesla sample this typically means the file on disk is a loader and the stealer itself only ever exists in memory, which is why the config is extracted from the behavioral run rather than from the file.