General
Target: Order_874844_376353.Zip.rar
Size: 100KB
Sample: 211019-d1ybksfbe8
MD5: 4287ca27401f86eba90b263bcf5a15d8
SHA1: 8badbe0dadef18a38040e381cb2c07a542681d9e
SHA256: 4554cbada94b7b4cca8fa646870eccb2d46dd7ca804cc1d1120f22dabce0145c
SHA512: 8c3cea17a2a9951063090d08be1475bde9b0f43ffad956db6d505c5ac80abba1cc23dba828fe5bc3f49829e0613707bb6a1a2c8deb4c4122aebc99eaf0778a3b
Static task: static1
Behavioral task: behavioral1
Sample: Order_874844_376353.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Order_874844_376353.exe
Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.physemance.com/
Port: 21
Username: [email protected]
Password: boygirl123456
Targets
Target: Order_874844_376353.exe
Size: 129KB
MD5: 597840891d0f619d49b499298a5897bf
SHA1: dec68f6727cf685869b9971a968fc8ad35fb4934
SHA256: c039e57a33d3a58d59d38d325a160a61725940cd5d5f25e23855ae56660004ee
SHA512: 960c3abb5eaa37eee1e3fb3e26982222fe24064f7dff507d2e40f4a9be3653ed50dd36ca248587a3f00f9e57103b9dcfe352304e61b69feb33501de55d762f22
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Downloads MZ/PE file
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext