General
-
Target
ap48HeATQYHcrwN.exe
-
Size
437KB
-
Sample
211020-l9nshaghc7
-
MD5
9b22dc57a731a0a502a43597b27128bf
-
SHA1
a04e5092ceeb4cef232ca35eb7b1bb10b39ed8d0
-
SHA256
186105dca5f36d5109a075a9b4a9eac5114e34377cacc519dcd6f5cf0541c9f3
-
SHA512
e94f3866385ceeaeebfc401d154fc81dfa6f10475df98eee2888269cbc58b7a1560231cf76552239902efbb20de89a9199763595dd95e41b4e58ab60694e09fb
Score
10/10
Malware Config
Extracted
Family
agenttesla
Credentials
Protocol: smtp- Host:
mail.priserveinfra.com - Port:
587 - Username:
operations@priserveinfra.com - Password:
oppipl121019
Targets
-
-
Target
ap48HeATQYHcrwN.exe
-
Size
437KB
-
MD5
9b22dc57a731a0a502a43597b27128bf
-
SHA1
a04e5092ceeb4cef232ca35eb7b1bb10b39ed8d0
-
SHA256
186105dca5f36d5109a075a9b4a9eac5114e34377cacc519dcd6f5cf0541c9f3
-
SHA512
e94f3866385ceeaeebfc401d154fc81dfa6f10475df98eee2888269cbc58b7a1560231cf76552239902efbb20de89a9199763595dd95e41b4e58ab60694e09fb
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-