PO45678654345678654345.tar

General
Target: PO45678654345678654345.tar
Size: 29KB
Sample: 210131-m1f19a6wya
Score: 10/10
MD5: 28fa1175f19a3f449701972a99887931
SHA1: cc3fba2b06e630b67234f0f3f4cf487c50bc83b7
SHA256: f75e8a3cd55e7ee1620a9f6dbd9b3d7ab8a7d42f41fbffcf9c498c2ee3563f83
SHA512: 6b657674aab58f13fea4379f73699cca01ddbfee5a492b81e07b12c2092b910cf5f302a3a16d2bedca3923783813879c62a9755a2933456e57e50a3c76e8ef91

Malware Config (Extracted)
Family: agenttesla
Credentials
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: carmen@mullder-onions.com
Password: Work@123

Targets
Target: PO45678654345678654345.js
MD5: f1072676bdd2836b60e44fd7fc759017
Filesize: 27KB
Score: 10/10
SHA1: 1372ef6ced0d25dabbf6ed90343e3d3b4963fc5b
SHA256: 93a7862d0c562c8b82cc14702ab4e6ef44f23bc5a1489225dc65f0965ca34ab7
SHA512: acfc154b9b1a9bcc2fe6ab2734c11743707bc622a68f92d92f9b3bea317e75ba024c33a8061d6cc478b8e245525ce4d84cb0bc9a3b1cb6f2afbc76a2a7041271

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • Vjw0rm
    Description: Vjw0rm is a remote access trojan written in JavaScript.

  • AgentTesla Payload

  • Blocklisted process makes network request

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix (tactic columns only; no technique entries are shown in the report): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation