General
-
Target
70654 SSEBACT.zip
-
Size
382KB
-
Sample
211020-n8lmvshac7
-
MD5
8adf415a71f39ff38d6e8d14d0d49f22
-
SHA1
3e37733c25b169201ef5b60e8595c4ff7403866c
-
SHA256
48e3b16069adeab0b44b8f548f93db807067e29dd04900f931bc637b0bca29bf
-
SHA512
85cc137ffc6b7e9dc2b241cbaaf2636444142d5e2778293eb189a7ba7c556576f078b005ef8c5380e2fb376585d4b9586534cb79ab067c13ea6fb8d72f77ea49
Score
10/10
Malware Config
Extracted
Family
agenttesla
Credentials
Protocol: smtp- Host:
mail.timsonlogisticske.com - Port:
587 - Username:
[email protected] - Password:
timsam2015
Targets
-
-
Target
70654 SSEBACT.exe
-
Size
425KB
-
MD5
d091b52256537e80e25c3f59918bf605
-
SHA1
e11c107fc1db49c3507f82a4cda09152933f1660
-
SHA256
e8bc8d3153a2c062963162ee1692fa67d84ddbb28bb4accc2673a99315f3068c
-
SHA512
9b103b91dbb1092ac524cb76455d50fd32e24634e85d79a64fd28a232f7c504f2b63996449bf4940676d6ae9ba37dd6b3976a6ac2945678fbc637d52afccdfa5
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-