General
Target: Order specification & Drawing_Docx.scr
Size: 1.0MB
Sample: 211026-hj7wxahgfj
MD5: 5aac80b58b2cbafc4aa79ed0e9282e72
SHA1: e851b005e647510a4f9a3255478d6923280d2734
SHA256: 4196b2e1248f1a299fc7ab90743042baa293dc7f530f2498fd406a40945cb6c3
SHA512: 2e4844ac3c43acec0426048b93268bd64d7f785b07ec08f7c119f1b87fe5919d10075a08871bdb168d92d43fa09cb87e0b54b1943b5564e84bed3044f8f42b0d
Static task: static1
Behavioral task: behavioral1
Sample: Order specification & Drawing_Docx.scr
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: Order specification & Drawing_Docx.scr
Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: secure300.inmotionhosting.com
Port: 587
Username: [email protected]
Password: HCBo3_tl-nKP1
Targets
Target: Order specification & Drawing_Docx.scr
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext