General
Target: Docs_Ship.r11
Size: 613KB
Sample: 210721-x7qv5cqyt2
MD5: af3b8e50273970903dcda39cfe17de45
SHA1: 63140db148b783fd3803a20d3ec21c882c236f3e
SHA256: eb98f8207ac56b6b83adf5bd84c851e3b66e21ed29dc4b24b9653c4a3ed4340f
SHA512: 6988351efdbd2d134753a3fe3546e2e180f9ded613527cee9c8757de5766e61dda05dbfa8a713375c744b64301f98285eeb16e5d87b45ffd3ac2b8340b2401dc
Static task: static1
Behavioral task: behavioral1
  Sample: Docs_Ship.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: Docs_Ship.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.poolcoempany.com
Port: 587
Username: [email protected]
Password: $VrwtB*1
Targets
Target: Docs_Ship.exe
Size: 5.0MB
MD5: 73bb12c76ed5c20288ce04c4f4366a04
SHA1: a715c9959b4c077b4f6a336925c2f71b5fcb7491
SHA256: 60787d8474b04b246ce69957c1d0e4f31b80e93f699eeec2ae3a707a8e933453
SHA512: 25a5fe0862c9a4ee46937e668df06c1c0db67e4f978de8cf3a8afcb291feb96898bceeef79a47eed592a9a8a626f94d618180407094fb70edb8f63c9033aa11a
Score: 10/10
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext