General
Target: t4IMlwZMoIeKGQL.exe
Size: 645KB
Sample: 211018-gfrvvadbb4
MD5: 393f89477fe3d6aabb74cb7ab0c889fd
SHA1: 9c08992baeb0373c0996ad09d57abec3d761427e
SHA256: 4caa07b5c1075d0316e76251c1e95b36dce7be3c737e7e4947cc99a3e7b484f2
SHA512: b5ec43a8edb371725b84f7cda5da60b30efa2c7ef734fa3a1aa5655e7125b9514f8fecb1b0d6f31f33a23148ce63ec008ae11389a5d487d24782aab99c62fd9a
Static task: static1
Behavioral task: behavioral1
  Sample: t4IMlwZMoIeKGQL.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: t4IMlwZMoIeKGQL.exe
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.lahaciendamontericogrande.com.pe
Port: 587
Username: [email protected]
Password: e$$
Targets
Target: t4IMlwZMoIeKGQL.exe
Size: 645KB
MD5: 393f89477fe3d6aabb74cb7ab0c889fd
SHA1: 9c08992baeb0373c0996ad09d57abec3d761427e
SHA256: 4caa07b5c1075d0316e76251c1e95b36dce7be3c737e7e4947cc99a3e7b484f2
SHA512: b5ec43a8edb371725b84f7cda5da60b30efa2c7ef734fa3a1aa5655e7125b9514f8fecb1b0d6f31f33a23148ce63ec008ae11389a5d487d24782aab99c62fd9a
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext