General
-
Target
003847.pdf.exe
-
Size
82KB
-
Sample
211018-degrpsdhcm
-
MD5
c5b78f6103c7794006f9d5d966b3bdbe
-
SHA1
1858e3e0efd8c7a7df30c0af59ab3249c7f72e30
-
SHA256
f3d8fd75e106b26fb267e3d5c78c299b052c5ef53228b0f0fba3e308bcad1d26
-
SHA512
25d9b596d62bc4ac2bc86df9611c8fc0c4e098b0ce860fb43532dcfe0f60854071236eecea5f62ffac391d3023271c4e6f43d905a475e713da9dbc5ec85e919f
Score
10/10
Malware Config
Extracted
Family
agenttesla
Credentials
Protocol: ftp- Host:
ftp://ftp.physemance.com/ - Port:
21 - Username:
[email protected] - Password:
boygirl123456
Targets
-
-
Target
003847.pdf.exe
-
Size
82KB
-
MD5
c5b78f6103c7794006f9d5d966b3bdbe
-
SHA1
1858e3e0efd8c7a7df30c0af59ab3249c7f72e30
-
SHA256
f3d8fd75e106b26fb267e3d5c78c299b052c5ef53228b0f0fba3e308bcad1d26
-
SHA512
25d9b596d62bc4ac2bc86df9611c8fc0c4e098b0ce860fb43532dcfe0f60854071236eecea5f62ffac391d3023271c4e6f43d905a475e713da9dbc5ec85e919f
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Downloads MZ/PE file
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-