General
-
Target
Purchase order.r15
-
Size
371KB
-
Sample
211019-nr99wsgfdj
-
MD5
4a886e6ab309caa330113290c50f3867
-
SHA1
85e5fdaaf61a05a86a7c46f9b8add2f03e0f28f8
-
SHA256
3b44d7b9e79bd392575e4dee8c5cab8b3105cf6aafaa695cc3480f24bb1a91f9
-
SHA512
6126919f6831746d863c0f18091473ae5d74828742d261816b53e8a45c808236691b23ca123d6c2f5c3be66fc2403b3fa044cb574d78c97d8f58dbe65a3685d7
Score
10/10
Malware Config
Extracted
Family
agenttesla
Credentials
Protocol: smtp- Host:
sg2plcpnl0023.prod.sin2.secureserver.net - Port:
587 - Username:
[email protected] - Password:
User@40378
Targets
-
-
Target
Purchase order.exe
-
Size
395KB
-
MD5
19ed94f5448950a9d5bcd63228a635b3
-
SHA1
e7a88d2e71f82ac41195e766a47d1b9fd497ffd1
-
SHA256
057d53666aa40a761b4b096b884862cc108552bcb3a46bc92af7033e720612df
-
SHA512
036b3736308545aea0d341c1c2ccd7156ac5ba37f9f8fe442104d814c145022f715b6b0fa126a76e1f6bc80119486091b7b85b1ccdc7284544a90057451e3333
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-