General
-
Target
350856665e0c497c90a091be624825002a59df1b65404fdb9f82fe58013277c5
-
Size
43KB
-
Sample
211025-mkdrnsgac6
-
MD5
53d38f8aec071ed1464871f36ceb058b
-
SHA1
498f95fdfb05bf30036a6dafc72a22abcc4967ab
-
SHA256
350856665e0c497c90a091be624825002a59df1b65404fdb9f82fe58013277c5
-
SHA512
141c2797b3bac9e23f93bcb11120b30c74133b31d3a1e25aafb248ef0614ee5accad21d4c1b5e29edde4ef339d9a570f7dc5f7c71ca410f407c8e9a922ea1cef
Malware Config
Extracted
http://xamp.chickenkiller.com/MAMA/ConsoleApp15.exe
Extracted
agenttesla
Protocol: smtp- Host:
mail.sinyar.com - Port:
587 - Username:
info@sinyar.com - Password:
Sin@254#Sa2
Targets
-
-
Target
350856665e0c497c90a091be624825002a59df1b65404fdb9f82fe58013277c5
-
Size
43KB
-
MD5
53d38f8aec071ed1464871f36ceb058b
-
SHA1
498f95fdfb05bf30036a6dafc72a22abcc4967ab
-
SHA256
350856665e0c497c90a091be624825002a59df1b65404fdb9f82fe58013277c5
-
SHA512
141c2797b3bac9e23f93bcb11120b30c74133b31d3a1e25aafb248ef0614ee5accad21d4c1b5e29edde4ef339d9a570f7dc5f7c71ca410f407c8e9a922ea1cef
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
AgentTesla Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-