General
-
Target
00ffd96207235c6c5db59564da206dde1eb4edd7baa8e80cdf73ca5966ce64c4
-
Size
1.3MB
-
Sample
231206-epw5tabb22
-
MD5
12825b62261cfe026f20540ffb80870d
-
SHA1
4b96a0f6f6806e4972303084ebd422c0524118eb
-
SHA256
00ffd96207235c6c5db59564da206dde1eb4edd7baa8e80cdf73ca5966ce64c4
-
SHA512
b1f197c306f7ef8ca7ed5ec901bd395dfdfd937e093b088061f121a803eb34888b246fe4329dfe079b834694344337a9ce850b177566fea625a6d336da0b452c
-
SSDEEP
24576:3ii/tD/61g2k7URPAA0jZENCxsnEUbceCw9u/:Nx6rk7UmZ8ZEUbcIa
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATIO.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
QUOTATIO.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.showpiece.trillennium.biz - Port:
587 - Username:
[email protected] - Password:
9E&7dhd*~kx8 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.showpiece.trillennium.biz - Port:
587 - Username:
[email protected] - Password:
9E&7dhd*~kx8
Targets
-
-
Target
QUOTATIO.EXE
-
Size
795KB
-
MD5
d7920afa8a4ef3b686c1e1bb01bcb932
-
SHA1
948311e4531837b8f9fb51d5863790e7cc9091b3
-
SHA256
53e37eafee1ac440492fc29df6bdfcce69c927c8fe4c7ecba9ddf89fb83be29e
-
SHA512
cb669255f0d069241f64520209775227a8ba348bb829ed7954ae4bf61360465b8fb20a8dfa8dd637fdaf16fceab5071f070d56694f360b78d156ae4a82399867
-
SSDEEP
24576:qii/tD/61g2k7URPAA0jZENCxsnEUbceCw9u/:qx6rk7UmZ8ZEUbcIa
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-