General
-
Target
Payment Slip.ace
-
Size
55KB
-
Sample
211019-lsy7xagdfl
-
MD5
6d13873a053be7742317fd310f5d1307
-
SHA1
ed2e3ea2a915b174b53637252682e4d8e1f89f4c
-
SHA256
3b90e29fb249892cf6dc101070bd0acf70acb19e387cb92a279c743ac23f6898
-
SHA512
dfe6a6d2132ca6563b7285d4251c9943f4c83be35fae6c5126c54dd2435b4ebf1f8ad51b5a9e7a684059b22735844403528b713bb6dad17b15d0e3d31371bec2
Score
10/10
Malware Config
Extracted
Family
agenttesla
Credentials
Protocol: smtp- Host:
mail.croatiahunt.com - Port:
587 - Username:
[email protected] - Password:
VilaVrgade852
Targets
-
-
Target
Payment Slip.exe
-
Size
81KB
-
MD5
6e93f7298beda239f60083a0c5425060
-
SHA1
3eae538f716c7ef96ec27915d966e5ee8eb95f61
-
SHA256
f3a8222b6462aafcc1d47fa1a1ca8972daf438b0d98666308958982307ab88fd
-
SHA512
559cf0a364fb1e2fd6d40a0113d201e81f531c325aaf4ddb701b1343bfedb654ed7ab34a0eff07eeb5cde7e5cf674bf5cd0fabc55b3638b26e77cd8cf31c4a23
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Downloads MZ/PE file
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-