General
-
Target
Quotation.exe
-
Size
1.2MB
-
Sample
241104-kxqkwsxhmf
-
MD5
9ed064f0feb2397bb999563751c20b92
-
SHA1
810d6882ab53614c20950da17021650fed89f5d8
-
SHA256
f849a928785cb16a719369fbe98c9246bc84d634f3547467a3223fa148a6b09b
-
SHA512
ef7d103dad237045980181b85ddc6b0d4ffbbcbdf38eb2a56b09823baae143f52c336f89ec45bd872f7dca255156b9f44208e979e37f0995a18fc7f2de359ffd
-
SSDEEP
24576:S4nhDoAFq5Avnh/KPGB8mTyBNFX3FZNXLGQ7WczkxFnfbP9:S+hkT6vnh/J8oy5X3PNXKQKczg
Static task
static1
Behavioral task
behavioral1
Sample
Quotation.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Quotation.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.showpiece.trillennium.biz - Port:
587 - Username:
[email protected] - Password:
3KJ[T.3]fsSW - Email To:
[email protected]
Targets
-
-
Target
Quotation.exe
-
Size
1.2MB
-
MD5
9ed064f0feb2397bb999563751c20b92
-
SHA1
810d6882ab53614c20950da17021650fed89f5d8
-
SHA256
f849a928785cb16a719369fbe98c9246bc84d634f3547467a3223fa148a6b09b
-
SHA512
ef7d103dad237045980181b85ddc6b0d4ffbbcbdf38eb2a56b09823baae143f52c336f89ec45bd872f7dca255156b9f44208e979e37f0995a18fc7f2de359ffd
-
SSDEEP
24576:S4nhDoAFq5Avnh/KPGB8mTyBNFX3FZNXLGQ7WczkxFnfbP9:S+hkT6vnh/J8oy5X3PNXKQKczg
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Guloader family
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
d6f54d2cefdf58836805796f55bfc846
-
SHA1
b980addc1a755b968dd5799179d3b4f1c2de9d2d
-
SHA256
f917aef484d1fbb4d723b2e2d3045cb6f5f664e61fbb3d5c577bd1c215de55d9
-
SHA512
ce67da936a93d46ef7e81abc8276787c82fd844c03630ba18afc3528c7e420c3228bfe82aeda083bb719f2d1314afae913362abd1e220cb364606519690d45db
-
SSDEEP
192:acA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6w79Mw:RR7SrtTv53tdtTgwF4SQbGPX36wJMw
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
3Credentials in Registry
1