General
-
Target
QUOTATION_JUNQTRA031244·PDF.scr.exe
-
Size
2.0MB
-
Sample
240618-k5la5swhmd
-
MD5
6fed3897ec33eb7c9687521f27230d4f
-
SHA1
91fe908aaf50fd87341aef1205b011c6f62fee7f
-
SHA256
12a342b6a487518d9a0bd13adf3503b14b524d712351a48da4a3eea32ea24e40
-
SHA512
50b8890e609e0044d5a95e255c43772c0a24b80dac86e7980dcd6b2f23a72b518d285d7985d67302c19015c16ceffa70fcad0d14b77a3d3012fcb7ac008a12bd
-
SSDEEP
24576:rTsNDdDlnAh8b1XX0qIwjERO98EZ7F5jXGYp:rTsNDdZnhyXo5jXL
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATION_JUNQTRA031244·PDF.scr.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
QUOTATION_JUNQTRA031244·PDF.scr.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
gator3220.hostgator.com - Port:
587 - Username:
[email protected] - Password:
RaF5@@ts7^^!@San@<!! - Email To:
[email protected]
Targets
-
-
Target
QUOTATION_JUNQTRA031244·PDF.scr.exe
-
Size
2.0MB
-
MD5
6fed3897ec33eb7c9687521f27230d4f
-
SHA1
91fe908aaf50fd87341aef1205b011c6f62fee7f
-
SHA256
12a342b6a487518d9a0bd13adf3503b14b524d712351a48da4a3eea32ea24e40
-
SHA512
50b8890e609e0044d5a95e255c43772c0a24b80dac86e7980dcd6b2f23a72b518d285d7985d67302c19015c16ceffa70fcad0d14b77a3d3012fcb7ac008a12bd
-
SSDEEP
24576:rTsNDdDlnAh8b1XX0qIwjERO98EZ7F5jXGYp:rTsNDdZnhyXo5jXL
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-