General
Target: Quotation.exe
Size: 398KB
Sample: 200630-7ksqjfgvn2
MD5: acf625220d32911234345c7c65bf0477
SHA1: dea87c877a0ea827b654fb9c0d4e66d51aea212c
SHA256: 22bb4fb64047a3ccdb9e79080e9b9769733a84fceb7d2ec8e82d3823802e33fb
SHA512: 60622fa547a08ed113c9579372b91c07758bf2fbc3670317e5a227ddaa4968c6297f4c5cef59b1771d86604b5219e7c61a273fe6db9bda55129278abbdd42c5e
Static task: static1
Behavioral task: behavioral1 (Sample: Quotation.exe, Resource: win7v200430)
Behavioral task: behavioral2 (Sample: Quotation.exe, Resource: win10)
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: telley_min@vectromtech.com
Password: 111aaa
Targets
Target: Quotation.exe
Size: 398KB
MD5: acf625220d32911234345c7c65bf0477
SHA1: dea87c877a0ea827b654fb9c0d4e66d51aea212c
SHA256: 22bb4fb64047a3ccdb9e79080e9b9769733a84fceb7d2ec8e82d3823802e33fb
SHA512: 60622fa547a08ed113c9579372b91c07758bf2fbc3670317e5a227ddaa4968c6297f4c5cef59b1771d86604b5219e7c61a273fe6db9bda55129278abbdd42c5e
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext