General

  • Target

    4de837e808c22929c0ceaac6654e3d0d300c59bc9c3a9f6f401882ad508711ef.7z

  • Size

    658KB

  • Sample

    240704-bte6baydkd

  • MD5

    a15cf4c62df233cceac2e7aca796ee45

  • SHA1

    527d439cc1b42022e54115864124c8f190351356

  • SHA256

    4de837e808c22929c0ceaac6654e3d0d300c59bc9c3a9f6f401882ad508711ef

  • SHA512

    b8db3b7fe57bb4c5434f9132b863d296a7ca94ced4f566352b6f37aa4145fd407660febd706d33ae4e56b57f54300158ba835101e4c274c5c89b145a3d2700ca

  • SSDEEP

    12288:rpODnOfsh+iOvAiNHps7rOJtdRqSSdVzP0XaFiVMEqzXCoFvL592EeHs7iwZJeBs:rpwuvp3tSlP/iWE0SoFvL592LM75Ys

Malware Config

Targets

    • Target

      Qoutation.exe

    • Size

      683KB

    • MD5

      258b043e478474b4278d8e1f785a2748

    • SHA1

      059741a640e723ec8efc6628e4cea4d0435c8cde

    • SHA256

      3eeac268527d9ec3216d79f718dc289d2188cbe026696b7e8025a9ed3aec2a05

    • SHA512

      8905d70d17822cc916bf9837001a750e4e37fbbf8c0529233c474944817570649c521ac78a7f1cb75459978905e11d2b5900470651e510f046124ad8b0f134a1

    • SSDEEP

      12288:OYV6MorX7qzuC3QHO9FQVHPF51jgc4XKUN2uREDb4aO55p27gFJ5FT4rZwZuT:tBXu9HGaVH4aKKcb5S74K

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks