General
-
Target
payment order.exe
-
Size
554KB
-
Sample
200707-jp189rrpm6
-
MD5
2d6c96a158cf807f92b6eed8f518a4e4
-
SHA1
0e6b7045e64738b94ab21970134731ae0ac6b642
-
SHA256
7ad411d81f0b0ea4d31ff167d9179212a0a692d14d32de04a7251bdd19e91de7
-
SHA512
89996d22fe9bd37f8b3a2e748e2ec97c4c858677d8187502428e38e3c3f051ac847fbd0235815b9fc539931f6c9277e0bfabb92a65665504375da5a6dff553b6
Score
10/10
Malware Config
Extracted
Family
agenttesla
Credentials
Protocol: smtp- Host:
mail.cordialtours.com - Port:
587 - Username:
[email protected] - Password:
swagglord427
Targets
-
-
Target
payment order.exe
-
Size
554KB
-
MD5
2d6c96a158cf807f92b6eed8f518a4e4
-
SHA1
0e6b7045e64738b94ab21970134731ae0ac6b642
-
SHA256
7ad411d81f0b0ea4d31ff167d9179212a0a692d14d32de04a7251bdd19e91de7
-
SHA512
89996d22fe9bd37f8b3a2e748e2ec97c4c858677d8187502428e38e3c3f051ac847fbd0235815b9fc539931f6c9277e0bfabb92a65665504375da5a6dff553b6
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-