General

  • Target

    00ffd96207235c6c5db59564da206dde1eb4edd7baa8e80cdf73ca5966ce64c4

  • Size

    1.3MB

  • Sample

    231206-epw5tabb22

  • MD5

    12825b62261cfe026f20540ffb80870d

  • SHA1

    4b96a0f6f6806e4972303084ebd422c0524118eb

  • SHA256

    00ffd96207235c6c5db59564da206dde1eb4edd7baa8e80cdf73ca5966ce64c4

  • SHA512

    b1f197c306f7ef8ca7ed5ec901bd395dfdfd937e093b088061f121a803eb34888b246fe4329dfe079b834694344337a9ce850b177566fea625a6d336da0b452c

  • SSDEEP

    24576:3ii/tD/61g2k7URPAA0jZENCxsnEUbceCw9u/:Nx6rk7UmZ8ZEUbcIa

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.showpiece.trillennium.biz
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    9E&7dhd*~kx8

Targets

    • Target

      QUOTATIO.EXE

    • Size

      795KB

    • MD5

      d7920afa8a4ef3b686c1e1bb01bcb932

    • SHA1

      948311e4531837b8f9fb51d5863790e7cc9091b3

    • SHA256

      53e37eafee1ac440492fc29df6bdfcce69c927c8fe4c7ecba9ddf89fb83be29e

    • SHA512

      cb669255f0d069241f64520209775227a8ba348bb829ed7954ae4bf61360465b8fb20a8dfa8dd637fdaf16fceab5071f070d56694f360b78d156ae4a82399867

    • SSDEEP

      24576:qii/tD/61g2k7URPAA0jZENCxsnEUbceCw9u/:qx6rk7UmZ8ZEUbcIa

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks