General
-
Target
Swift 001.r00
-
Size
377KB
-
Sample
211025-lrmsgsghbq
-
MD5
de3919f42cf35d7fda9c98b4044bdaee
-
SHA1
03ea907e9eb7134278bcf693fcce677c588c9052
-
SHA256
22dabbf2059bde149552fe018287fc0b111badf1eedf706e30b2b40b8e1fc1c4
-
SHA512
22216c65b3453596b03ced9da4299f95ea457c964c6c1230055ea67bdd8db85732900b8494b804640f04956870e7eef209c0e87e13f48b042cac73f6201eb821
Score
10/10
Malware Config
Extracted
Family
agenttesla
Credentials
Protocol: smtp- Host:
mail.upgcambodia.com - Port:
587 - Username:
[email protected] - Password:
stock3168
Targets
-
-
Target
money $.exe
-
Size
442KB
-
MD5
ab7585441ef37e3becc9e16291c9a183
-
SHA1
6d734d333844615524faad5ff0c5c197998e0e95
-
SHA256
603f8bb918cf97d86b4e20c72ebd9138160475c24e7633b5cc4f7c7739b0203d
-
SHA512
4ea5f4edb9a37938bd532e6648a372dd0a2b237e663661e7dbcf9b889aa04e9ec6eecd8f03aaf71d77990013a8780b930192e02e5a9394b56cb326451ff0d769
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-