General
Target: 3b643d780998176ba4dac7970b723efecb4364156aa6254f21efe01d300909b3
Size: 324KB
Sample: 240430-bq5xkagf3s
MD5: d7f7c0ab2190bea0c13b7ba49089045f
SHA1: 085806e5b8e5fb0597232656efee4a645c81e64a
SHA256: 3b643d780998176ba4dac7970b723efecb4364156aa6254f21efe01d300909b3
SHA512: 0fb0600184187ce7231d2eae3fc7739390b64f41159ea186d2af4dc08a33372b855c0ebba6bc1e36f9a3ad0060d9a15e4dd28c009ded2f347e51f9863060e10e
SSDEEP: 6144:iaylmE5zUaK0wfMzuE9m48KZgNImdF0dG7VvyPUJQHfjCGVXRl:ijmsK6zuiFtp2id1PrfGO7
Static task: static1
Behavioral task: behavioral1
Sample: Quote.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Quote.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted
Protocol: smtp
Host: mail.bnfm.com
Port: 587
Username: [email protected]
Password: UpPencilViewFast398
Extracted
agenttesla
Protocol: smtp
Host: mail.bnfm.com
Port: 587
Username: [email protected]
Password: UpPencilViewFast398
Email To: [email protected]
Targets
Target: Quote.exe
Size: 337KB
MD5: 81eb19a3038cc9f1db89a3129e7b4ba7
SHA1: c0a26fbe354b6ed969e72bdf7b9e5f07c694d983
SHA256: 29cc022580d4c19fcd07e74660434841b6c32bef1e65bd3868ea96b403916309
SHA512: 05c1d32bc7f28a6f55f21846efeb172f2b6bb2d76bc574b36efc22c3236fef3f0b9b9dbbb9ca078118567bdb764eb6935f9f20ce2927a0ff2e41dad03ca2ec16
SSDEEP: 6144:ZtIqthpa5mvlMjIK0wfMzui6TuodNNJJuh57dF0dSF+5wQOKcJOC9+jXy:bIqtFSjIK6zui6i0Zoidc+5w59J7A
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext