General
-
Target
9c33919f9e8a218686332f5e1879b8755a2579f8.ppam
-
Size
8KB
-
Sample
211201-qx1zhsfeh3
-
MD5
025c1af2b8e11a2001b7d359f2a4e58d
-
SHA1
9c33919f9e8a218686332f5e1879b8755a2579f8
-
SHA256
39d20d577f1cba20c8d720f08ae14eae8bd46fa60297a8b11d8f4aad6aa81221
-
SHA512
a37580612747a84a4796d8dbd64c8953e7e4606eb940bdbcaf2cc29ecacb1b2549b4d9414e242a01eee5ad026f0b99e2617b7932ba08e24ceb5b57208766ca45
Malware Config
Targets
-
-
Target
9c33919f9e8a218686332f5e1879b8755a2579f8.ppam
-
Size
8KB
-
MD5
025c1af2b8e11a2001b7d359f2a4e58d
-
SHA1
9c33919f9e8a218686332f5e1879b8755a2579f8
-
SHA256
39d20d577f1cba20c8d720f08ae14eae8bd46fa60297a8b11d8f4aad6aa81221
-
SHA512
a37580612747a84a4796d8dbd64c8953e7e4606eb940bdbcaf2cc29ecacb1b2549b4d9414e242a01eee5ad026f0b99e2617b7932ba08e24ceb5b57208766ca45
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
AgentTesla Payload
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-