General
Target: RFQ #120032020.exe
Size: 732KB
Sample: 200718-y6wfpfn51x
MD5: e1fd408fd5c308ae16133649a522db80
SHA1: 218a7bfdb2d1826422773d7a9ba4269b316ed2ae
SHA256: d32e5e98f0b4d284046a50db5237b4326a54943e185b57b0e6e76874479724fe
SHA512: 32d7bf5566d4a8716434efd6027e35e92653bf43af5e980f523d96183313a0d47c75429fea3f30d25acd4259285ebd3b67ab2f8abfa8e6d719b65bb5f6a4479b
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ #120032020.exe
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: RFQ #120032020.exe
  Resource: win10
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.mdist.us
Port: 587
Username: [email protected]
Password: Receiving#4321
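The extracted configuration is the most actionable part of this report: the mailbox is the exfiltration channel, so any internal host that opens TCP 587 to that server has very likely executed the sample. The Python below is an added triage example, not code from the sandbox or from the page. It parses the flattened "Key: value - Key: value" text exactly as it appears above into a dict, hashes a file and compares it with the report's digests, and scans firewall-style log lines for connections to the configured SMTP host and port. The indicator values are copied from the report; the log lines and their format are constructed for illustration.

```python
"""Triage helpers for the Agent Tesla report above (added example, not sandbox code).

Hashes and the SMTP host/port are copied from the report; SAMPLE_LOG is a
constructed firewall-style log and not real output from the analysis run."""
import hashlib
import re
import sys

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "e1fd408fd5c308ae16133649a522db80",
    "sha1": "218a7bfdb2d1826422773d7a9ba4269b316ed2ae",
    "sha256": "d32e5e98f0b4d284046a50db5237b4326a54943e185b57b0e6e76874479724fe",
}

# The extracted config exactly as the page flattens it (username as redacted there).
RAW_CONFIG = (
    "Protocol: smtp- Host:\nmail.mdist.us - Port:\n587 - Username:\n"
    "[email protected] - Password:\nReceiving#4321"
)


def parse_flat_config(text: str) -> dict:
    """Parse 'Key: value - Key: value' text (with line wraps) into a dict.

    The extractor joins fields with ' - ' and the page wraps lines, so the
    text is whitespace-normalised first and then split on ' - ' only where
    a 'Key:' follows, which keeps dashes inside values intact."""
    flat = " ".join(text.split())
    # "smtp- Host:" has no space before the dash, so leading whitespace is optional.
    parts = re.split(r"\s*-\s+(?=[A-Za-z]+:)", flat)
    cfg = {}
    for part in parts:
        key, _, value = part.partition(":")
        cfg[key.strip().lower()] = value.strip()
    return cfg


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Digest a file in 1 MiB chunks so large droppers do not need to fit in memory."""
    digests = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {alg: d.hexdigest() for alg, d in digests.items()}


def matches_report(hashes: dict) -> bool:
    """True if any supplied digest equals the report's value for that algorithm."""
    return any(hashes.get(alg) == value for alg, value in REPORT_HASHES.items())


# Constructed log lines in a simple 'ts action proto src -> dst [host=]' format.
SAMPLE_LOG = """\
2020-07-18T10:01:02Z allow tcp 10.0.0.5:49812 -> 93.184.216.34:443
2020-07-18T10:01:09Z allow tcp 10.0.0.5:49813 -> 203.0.113.7:587 host=mail.mdist.us
2020-07-18T10:01:15Z allow tcp 10.0.0.9:49900 -> 198.51.100.2:25 host=mail.example.org
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) \S+ tcp (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)"
    r"(?: host=(?P<host>\S+))?"
)


def find_exfil(log_text: str, cfg: dict) -> list:
    """Return source IPs that connected to the configured SMTP exfil host and port."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        if m["host"] == cfg["host"] and int(m["dport"]) == int(cfg["port"]):
            hits.append(m["src"])
    return hits


if __name__ == "__main__":
    cfg = parse_flat_config(RAW_CONFIG)
    print("exfil endpoint:", cfg["host"], cfg["port"])
    print("hosts talking to it:", find_exfil(SAMPLE_LOG, cfg))
    if len(sys.argv) > 1:
        print(sys.argv[1], "matches report:", matches_report(hash_file(sys.argv[1])))
```

Hash matching only catches this exact build; Agent Tesla is repacked per campaign, so the network indicator (the mailbox host) usually outlives the file hashes and is the better pivot for retrospective hunting.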
Targets
Target: RFQ #120032020.exe
Size: 732KB
MD5: e1fd408fd5c308ae16133649a522db80
SHA1: 218a7bfdb2d1826422773d7a9ba4269b316ed2ae
SHA256: d32e5e98f0b4d284046a50db5237b4326a54943e185b57b0e6e76874479724fe
SHA512: 32d7bf5566d4a8716434efd6027e35e92653bf43af5e980f523d96183313a0d47c75429fea3f30d25acd4259285ebd3b67ab2f8abfa8e6d719b65bb5f6a4479b
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET. It harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or HTTP; the configuration extracted above shows this sample using SMTP through mail.mdist.us on port 587 with a hard-coded mailbox password.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application (persistence through a Software\Microsoft\Windows\CurrentVersion\Run value)
- Suspicious use of SetThreadContext (typically process hollowing: a suspended child process whose thread context is redirected to injected code)
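Of the signatures above, the Run key is the one a responder can verify directly on an endpoint or from registry telemetry. The Python below is an added example, not part of the report: it walks Sysmon-style Event ID 13 (RegistryEvent, SetValue) records and flags Run/RunOnce values that point into user-writable directories or that were written by the very process being registered. The events are constructed for illustration with placeholder value names and paths; the report does not say which value name or path this sample used, so nothing here should be read as this sample's actual persistence entry.

```python
"""Run-key persistence triage for the 'Adds Run key' signature (added example).

SAMPLE_EVENTS are constructed Sysmon-style Event ID 13 records with placeholder
names; they are not telemetry from this sandbox run."""
import re

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE
)

# Locations a non-admin process can write to; an autorun pointing here is suspect.
USER_WRITABLE_RE = re.compile(
    r"(\\AppData\\(Roaming|Local)\\|\\Users\\Public\\|\\Temp\\|%APPDATA%|%TEMP%)",
    re.IGNORECASE,
)

# Constructed events: one benign system autorun, one unrelated registry write,
# and one self-registration from a user-writable path (placeholder names).
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"%windir%\system32\SecurityHealthSystray.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\bob\AppData\Roaming\Updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\bob\AppData\Roaming\Updater.exe"},
]


def is_run_key(target: str) -> bool:
    """True for values under the per-user or machine Run / RunOnce keys."""
    return RUN_KEY_RE.search(target) is not None


def extract_exe_path(details: str) -> str:
    """Strip surrounding quotes and trailing arguments from a Run value's command line."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    # Unquoted: take everything up to the first '.exe'.
    m = re.match(r"(.*?\.exe)", details, re.IGNORECASE)
    return m.group(1) if m else details


def triage_run_keys(events) -> list:
    """Return findings for Run-key writes that look like malware persistence."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
            continue
        if not is_run_key(ev["TargetObject"]):
            continue
        exe = extract_exe_path(ev["Details"])
        image = ev.get("Image", "")
        reasons = []
        if USER_WRITABLE_RE.search(exe):
            reasons.append("autorun target lives in a user-writable directory")
        if USER_WRITABLE_RE.search(image):
            reasons.append("value written by a process running from a user-writable directory")
        if exe.lower() == image.lower():
            reasons.append("process registered itself for autorun")
        if reasons:
            findings.append({"value": ev["TargetObject"], "exe": exe, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_run_keys(SAMPLE_EVENTS):
        print(f["value"], "->", f["exe"])
        for r in f["reasons"]:
            print("   ", r)
```

Legitimate per-user software (updaters, chat clients) also installs into AppData and registers Run values, so the user-writable check alone is noisy; the self-registration check and the process image are what separate a dropper from an installer, and a hit should be confirmed against the file hashes and the SMTP indicator from the report.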