General
Target: quotationsheet.exe
Size: 703 KB
Sample: 240603-lvhb6sae81
MD5: d1e338f0c608088b7b5aa2e20c3df8ca
SHA1: e27a61a67b4c103595135df9567cac7152d93765
SHA256: d3b852f73cf956335e5cd16bcf94d255065c04b13dc9efb34fe52fdfe6ffed2d
SHA512: 2664e688950b24991784c62c7e898f23d4d95b8847122add721ce1e88030b84456c54394ea23488d840009a74032d799db004af9ffe9e352f5abb02061ca9b97
SSDEEP: 12288:nbhdAAU3oYkb4oGrX52fAXAxySliLh4oIhoBIBAjdHU5TCsnX+phDqM9FDv:nHAZo1FiJWAQGLCoIK6AFiGsO7D9v
Static task: static1
Behavioral task: behavioral1
Sample: quotationsheet.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: quotationsheet.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted: agenttesla
Exfiltration endpoint (Telegram Bot API): https://api.telegram.org/bot7225809616:AAEt7H1sHiGor6_FJDBNVWoXF_3jTIBVboA/
The path of this URL is the attacker's Telegram bot token. The numeric part before the colon is the bot ID and stays constant across token rotations, so it is the more durable indicator to pivot on and block; the secret after the colon should be treated as attacker credential material, not queried from analyst infrastructure.
Targets
Target: quotationsheet.exe
Size: 703 KB
MD5: d1e338f0c608088b7b5aa2e20c3df8ca
SHA1: e27a61a67b4c103595135df9567cac7152d93765
SHA256: d3b852f73cf956335e5cd16bcf94d255065c04b13dc9efb34fe52fdfe6ffed2d
SHA512: 2664e688950b24991784c62c7e898f23d4d95b8847122add721ce1e88030b84456c54394ea23488d840009a74032d799db004af9ffe9e352f5abb02061ca9b97
SSDEEP: 12288:nbhdAAU3oYkb4oGrX52fAXAxySliLh4oIhoBIBAjdHU5TCsnX+phDqM9FDv:nHAZo1FiJWAQGLCoIK6AFiGsO7D9v
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), commonly described as written in Visual Basic .NET.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
SetThreadContext is the API a loader calls to redirect the main thread of a suspended process to injected code, as in process hollowing. On its own the signature shows the call pattern, not which process was targeted; correlate it with the process tree in the behavioral task.
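As an added example that is not part of this report or the sandbox's own tooling, the following Python turns the extracted Telegram endpoint and the two network-related behaviours above into a check that can be run over web-proxy logs. Only the Telegram URL comes from the report; the log lines, the Squid-style log format, the IP-lookup host list and the second bot token are constructed for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# From the report's extracted config (the only real indicator in this example).
EXTRACTED_C2 = "https://api.telegram.org/bot7225809616:AAEt7H1sHiGor6_FJDBNVWoXF_3jTIBVboA/"

# Telegram bot tokens have the form "<numeric bot id>:<secret>". The bot id
# survives token rotation, so it is a better pivot than the full URL.
TELEGRAM_BOT_RE = re.compile(r"api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)")

# Assumption: a hypothetical watch-list of external-IP lookup services.
IP_LOOKUP_HOSTS = frozenset({
    "api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com", "ipinfo.io",
})

# Constructed Squid-style access log lines ("<client> <method> <url> <status>"),
# not from any real environment. The second line reuses the report's token to
# model this sample's exfiltration; the fourth uses a made-up token.
SAMPLE_LOG = [
    "10.0.0.12 GET http://checkip.dyndns.org/ 200",
    "10.0.0.12 POST https://api.telegram.org/bot7225809616:AAEt7H1sHiGor6_FJDBNVWoXF_3jTIBVboA/sendDocument 200",
    "10.0.0.33 GET https://www.example.com/ 200",
    "10.0.0.40 POST https://api.telegram.org/bot123456:ABCDEF_xyz-1/sendMessage 200",
]


@dataclass(frozen=True)
class Hit:
    src: str
    kind: str      # "telegram_exfil" or "ip_lookup"
    detail: str


def parse_bot_token(url: str) -> tuple[str, str]:
    """Split a Telegram Bot API URL into (bot id, secret); raise if absent."""
    m = TELEGRAM_BOT_RE.search(url)
    if m is None:
        raise ValueError("no Telegram bot token in URL")
    return m.group("bot_id"), m.group("secret")


def scan_proxy_log(lines, known_bot_ids=frozenset()):
    """Return Hits for Telegram Bot API traffic and external-IP lookups.

    Bot API traffic is flagged regardless of token, since Bot API use from
    endpoints is rare in most fleets; ids on the watch-list are marked as such.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue                      # skip malformed lines rather than crash
        src, method, url = parts[0], parts[1], parts[2]
        host = (urlsplit(url).hostname or "").lower()
        m = TELEGRAM_BOT_RE.search(url)
        if m:
            bot_id = m.group("bot_id")
            tag = "known-bad bot id" if bot_id in known_bot_ids else "unlisted bot id"
            api_method = urlsplit(url).path.rsplit("/", 1)[-1]   # e.g. sendDocument
            hits.append(Hit(src, "telegram_exfil", f"{method} {api_method} via {tag} {bot_id}"))
        elif host in IP_LOOKUP_HOSTS:
            hits.append(Hit(src, "ip_lookup", host))
    return hits


def run_demo():
    """Scan the constructed log with the report's bot id on the watch-list."""
    bot_id, _secret = parse_bot_token(EXTRACTED_C2)
    return scan_proxy_log(SAMPLE_LOG, known_bot_ids=frozenset({bot_id}))


if __name__ == "__main__":
    for h in run_demo():
        print(f"{h.src:12} {h.kind:15} {h.detail}")
```

The IP-lookup hit and the Bot API POST from the same client within a short window is the sequence the two behavioural signatures describe; in practice the lookup alone is noisy, so alert on the Bot API traffic and use the lookup as corroboration. Do not use the extracted secret to call the Bot API yourself: it is the attacker's credential, and the bot id is enough for blocking and hunting.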