General
-
Target
16994c0ae13b33ca8f14d2e4d2c24c080bbda207bf2046818003beb0a735a9a7
-
Size
907KB
-
Sample
220302-x2ytaahffk
-
MD5
0c60e37e458624586822d07b93216d0a
-
SHA1
118135c261e99ed4a986d3889d29d28d485080a9
-
SHA256
16994c0ae13b33ca8f14d2e4d2c24c080bbda207bf2046818003beb0a735a9a7
-
SHA512
3f38f22137c94bff735a8cb5c6e766f0ef06b4a70b77b6767b33055622bd7a03f4842668ffdd9e8fc09e50efb192c94db9399c15e36a6b5a57c2f30f19856e3c
Static task
static1
Behavioral task
behavioral1
Sample
16994c0ae13b33ca8f14d2e4d2c24c080bbda207bf2046818003beb0a735a9a7.exe
Resource
win10-en-20211208
Malware Config
Extracted
agenttesla
https://agusanplantation.com/v/v/inc/9c523a9e14cc09.php
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-