General
Target: ORIGINAL SCAN DOX.exe
Size: 369KB
Sample: 211025-gs66asffd2
MD5: d8cca243bb4948a1d2671f6cc0b5167c
SHA1: f318f53fd9fe4a401e4243be9dbb6e556f8eda02
SHA256: cf99f114e53071f1814e884842256d161994d2ac2a195773afa68ec06c8a50d7
SHA512: 6ccef1b5068aa12742edd429405ed29a6bd11e0ed562482635572fcdecad915598e527689574dbe9b2a7046e8055b522b268b0626f1e341da79039a353d221fe
Static task: static1
Behavioral task: behavioral1
  Sample: ORIGINAL SCAN DOX.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: ORIGINAL SCAN DOX.exe
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: project2021blessing
Targets
Target: ORIGINAL SCAN DOX.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext