General
-
Target
affd8e6bdc328d5db92a6ae4d210f916.exe
-
Size
1.1MB
-
Sample
210721-p8qf5tv4hs
-
MD5
affd8e6bdc328d5db92a6ae4d210f916
-
SHA1
3abb4b3cb1ad4d12c81d611623973e8401e3e23b
-
SHA256
04cdbb87050fa773ed542d18c1993851661cdebcd06acb6af05bd9e03d14a1c8
-
SHA512
a6601b3d1bfa896c9284e35026f032ab2073f855be0e6a1354f1c8c86dff6e0e33c1471f062b81610ffd3e4133806de14edbd17b9e2ea21db424fa8ae10731eb
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
miratechs.gq - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$
Targets
-
-
Target
affd8e6bdc328d5db92a6ae4d210f916.exe
-
Size
1.1MB
-
MD5
affd8e6bdc328d5db92a6ae4d210f916
-
SHA1
3abb4b3cb1ad4d12c81d611623973e8401e3e23b
-
SHA256
04cdbb87050fa773ed542d18c1993851661cdebcd06acb6af05bd9e03d14a1c8
-
SHA512
a6601b3d1bfa896c9284e35026f032ab2073f855be0e6a1354f1c8c86dff6e0e33c1471f062b81610ffd3e4133806de14edbd17b9e2ea21db424fa8ae10731eb
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Suspicious use of SetThreadContext
-