General
-
Target
QUOTATION_MARQTRA031244·PDF.scr
-
Size
2.8MB
-
Sample
240327-z2erhsfd3v
-
MD5
2dbfe9bcbfabc3bff58b533c3476bafd
-
SHA1
dc5203b898c5c376c05ac6c42af1a0051077f268
-
SHA256
5b18cfc544be536be80a503accd17e1ac815ead94a702b83398aed17cf8223f6
-
SHA512
0c96c6824c51556f50a416fbd0d26f51bcf369b6af56c8043dcdbfc27224f6b1cda82b3bce9fdcdf306b3afb34c77958c81e4bc2592bff33147ece1ba70f97d9
-
SSDEEP
49152:y7/SxvrzAN7LzMe0Uf9r/7p84b0osRYPDEjqPz3QETw70UBKnEEbdxm84:dqLbDf9r/7p84AFaEjqPrQET+rEbbL
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATION_MARQTRA031244·PDF.scr
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
gator3220.hostgator.com - Port:
587 - Username:
[email protected] - Password:
Dasco..!@@hT!3V - Email To:
[email protected]
Targets
-
-
Target
QUOTATION_MARQTRA031244·PDF.scr
-
Size
2.8MB
-
MD5
2dbfe9bcbfabc3bff58b533c3476bafd
-
SHA1
dc5203b898c5c376c05ac6c42af1a0051077f268
-
SHA256
5b18cfc544be536be80a503accd17e1ac815ead94a702b83398aed17cf8223f6
-
SHA512
0c96c6824c51556f50a416fbd0d26f51bcf369b6af56c8043dcdbfc27224f6b1cda82b3bce9fdcdf306b3afb34c77958c81e4bc2592bff33147ece1ba70f97d9
-
SSDEEP
49152:y7/SxvrzAN7LzMe0Uf9r/7p84b0osRYPDEjqPz3QETw70UBKnEEbdxm84:dqLbDf9r/7p84AFaEjqPrQET+rEbbL
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-