General
Target: PaymentConfirmation.exe
Size: 598KB
Sample: 200707-hyws5bx1ga
MD5: 968c93132fbe953eef1c9e9745fc5105
SHA1: fe1e8bd516af4ce7f8b4991de128f4f476cec9f9
SHA256: 1b3649284ca4a79f52fc8dac008634540bbb8aa49d0903b6899f8708b37a3df9
SHA512: 7a938b3f4c97a5c496a8ed6efa285676693c84148b6ef485d0f46b8ccba7d7b99e2db8bd1237134ec199480b3ceab5b5c3c7d85019c503506ba5ad784dd55047
Static task: static1
Behavioral task: behavioral1
  Sample: PaymentConfirmation.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: PaymentConfirmation.exe
  Resource: win10v200430
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Hunter$#@145722
Targets
Target: PaymentConfirmation.exe
Score: 10/10
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext