General
- Target: TT_copy.exe
- Size: 561KB
- Sample: 200707-p48m2evz26
- MD5: 3596dca21b1e41c2cd233d18195cea13
- SHA1: 7e58382e71064bd5d7ecac40b0e6a3b95d32d5cc
- SHA256: 441efa986321eb0bdac9d133478f98a11dea6ff3a85af1c9c145a6049cb33cb6
- SHA512: f8b645a7a68ab1f491afd0483447a0731ae79bb85999f421cee46a7c5de50fd53e48a3b50936303b809edaa70a773e7431bed0731527dbcc79c2fa3e2dac7939
Static task
- static1

Behavioral task
- behavioral1
  - Sample: TT_copy.exe
  - Resource: win7

Behavioral task
- behavioral2
  - Sample: TT_copy.exe
  - Resource: win10v200430
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.mdist.us
- Port: 587
- Username: [email protected]
- Password: Receiving#4321
Targets
- Target: TT_copy.exe
- Size: 561KB
- MD5: 3596dca21b1e41c2cd233d18195cea13
- SHA1: 7e58382e71064bd5d7ecac40b0e6a3b95d32d5cc
- SHA256: 441efa986321eb0bdac9d133478f98a11dea6ff3a85af1c9c145a6049cb33cb6
- SHA512: f8b645a7a68ab1f491afd0483447a0731ae79bb85999f421cee46a7c5de50fd53e48a3b50936303b809edaa70a773e7431bed0731527dbcc79c2fa3e2dac7939
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext