General
-
Target
SOA.exe
-
Size
914KB
-
Sample
211025-dcq8csgdgm
-
MD5
d7e9ab4e5d6085c161063ae145fa7edc
-
SHA1
e16d3f12d0cb9421fb512626af888356ad35470c
-
SHA256
72cb1dacd6fe895eace8a7982a8730fba12f24a1272aaf4f538ca032759c9fc0
-
SHA512
9cb1c49e436aa5934a03cb52a7e592b98b1be0e1425d69209e189e6687148037de357983cae0af22c4395cb27f8b87b7210a65a7635efc7abd6cc77e7c30f868
Score
10/10
Malware Config
Extracted
Family
agenttesla
Credentials
Protocol: smtp- Host:
mail.manlogistics.in - Port:
587 - Username:
dilip.somkuwar@manlogistics.in - Password:
Ma&*$367Jhn
Targets
-
-
Target
SOA.exe
-
Size
914KB
-
MD5
d7e9ab4e5d6085c161063ae145fa7edc
-
SHA1
e16d3f12d0cb9421fb512626af888356ad35470c
-
SHA256
72cb1dacd6fe895eace8a7982a8730fba12f24a1272aaf4f538ca032759c9fc0
-
SHA512
9cb1c49e436aa5934a03cb52a7e592b98b1be0e1425d69209e189e6687148037de357983cae0af22c4395cb27f8b87b7210a65a7635efc7abd6cc77e7c30f868
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-