General
- Target: shipping documents.exe
- Size: 372KB
- Sample: 211025-rseq6ahbdq
- MD5: b9b1a4892fbdf335918eca0ee1cb98c6
- SHA1: 7b4a56e63341d38dfa0ee54399afe2e233a62bd7
- SHA256: 4c0efa3fe44849d5405a515cbd3e89c5b72280d2cc378a05c704de4a5ec79147
- SHA512: 61d76e74a4875d29f8b5fce950ebffbc56e995557c65e3894262dd5703ea22c744f5c05b7f23880ccb453d980c80d7f05ba0df71d121e9d4edf29e96b900d2a1
Static task: static1
Behavioral task: behavioral1
- Sample: shipping documents.exe
- Resource: win7-en-20211014
Behavioral task: behavioral2
- Sample: shipping documents.exe
- Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: project2021blessing
Targets
- Target: shipping documents.exe
- Size: 372KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext