General
Target: PO #18703-A.r00
Size: 356KB
Sample: 211025-ycrt4sgeh3
MD5: 7c62839323f6ecabba2f48447f6156d1
SHA1: 1ceec6e1c508c9708674d89a5fb571b1b1150a96
SHA256: e6306620e2adc8f1156897260b7d7b0a52b21990ac0ce957adfdc4a8b37eb133
SHA512: 1a725f78712111ed06443c1b3c02839b71baf8c614fd52250c48fef7656b24b99744d18117b87250e0ce4ce93541a23cd1b4ea7a70e03f3da58ccfd5388400f7
Static task: static1

Behavioral task: behavioral1
Sample: PO #18703-A.exe
Resource: win7-en-20210920

Behavioral task: behavioral2
Sample: PO #18703-A.exe
Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: project2021blessing
Targets
Target: PO #18703-A.exe
Size: 372KB
MD5: b9b1a4892fbdf335918eca0ee1cb98c6
SHA1: 7b4a56e63341d38dfa0ee54399afe2e233a62bd7
SHA256: 4c0efa3fe44849d5405a515cbd3e89c5b72280d2cc378a05c704de4a5ec79147
SHA512: 61d76e74a4875d29f8b5fce950ebffbc56e995557c65e3894262dd5703ea22c744f5c05b7f23880ccb453d980c80d7f05ba0df71d121e9d4edf29e96b900d2a1
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext