General

  • Target

    Quotation.exe

  • Size

    53KB

  • Sample

    240212-jptrxagb5z

  • MD5

    141d3929774d61692a2e7e131fb9d1f0

  • SHA1

    5ce4b97e883c22b1821b83218b83e90385f8b079

  • SHA256

    8a9b58dda00b9d042b64f9ac6f3984daacb2ee7336c5ca25a363f84f3b0082b4

  • SHA512

    1770bb9f0cf2223fa8911e1035bf15775ee067a7cddb3766502ddb24369d3c22fcba78cbc97454de248fe047536ac1b459b14117f9fffe6dc68abf4d98677e97

  • SSDEEP

    768:h5DN+HMK88L9O+B9oArLiVz0bcHBbM4KElNm2Y6ejiaV7FPEHh51zF3CQ55ZwKw:hrrrH53FY65Hh5hFf55ZwKw

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.gasplants.quest
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Ifeanyi1987@

Extracted

Family

agenttesla

Targets

    • Target

      Quotation.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
