General
Target: QUOTATION_JULQTRA071244úPDF.scr
Size: 337KB
Sample: 240701-phsh6a1emb
MD5: 0654315744338d14da164aa27a107d82
SHA1: a6bfb25480b54052be6a87f185c55689ed94ffee
SHA256: 11230af42789c3711dfbba6f7d1e2c17d33265bfa81f87588fd6dd712a8ae79b
SHA512: 8a83ef44af4021f71a7205474b99441c3d85da14640e985ed95d175d9d41432b24973b7325d4a0d0606a0136218c5dc9658da8aeaa7940f33ba00c3e1c3a1939
SSDEEP: 768:FErzWmjjjjjjjjjjjjjJ2geu7Qe21zEjss2S3g1Ircn0sspAgpq8bLyg1uMN0+d:FErqEv7Qbk/pqELy0uyT+fh
Static task: static1
Behavioral task: behavioral1
Sample: QUOTATION_JULQTRA071244úPDF.scr
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: QUOTATION_JULQTRA071244úPDF.scr
Resource: win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: gator3220.hostgator.com
Port: 587
Username: [email protected]
Password: RaF5@@ts7^^!@San@<!!
Email To: [email protected]
Targets
Target: QUOTATION_JULQTRA071244úPDF.scr
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext