General

Target: 804661f3ee9687b482ad2bdf879f61254736c5bdb62493cc8ddfc927812a423c
Size: 351KB
Sample: 220520-2rnmsafhb5
MD5: 1ff81e38a4757320ab6c1b09dfe24e32
SHA1: ae99d8fc6148ce939fceb8124566077476aa3b28
SHA256: 804661f3ee9687b482ad2bdf879f61254736c5bdb62493cc8ddfc927812a423c
SHA512: 44a4dfeca12cf44df5bcbdfa49fb714969791c72082a2f1fef8601509d9284119af895040a1e40ced3aea833e9a21883c3ec96f89a1755c67f890af936180a58
Static task: static1

Behavioral task: behavioral1
Sample: Term and Conditions.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Term and Conditions.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.saamaygroup.com
Port: 587
Username: [email protected]
Password: pawan100
Targets

Target: Term and Conditions.exe
Size: 389KB
MD5: 25c25e8a6169d9debe8d2d98a8264b84
SHA1: 7894e65a0ff81a059d6b72def4fc6a3563ed9560
SHA256: 4e6f8dbaac0d3d8f52ed89bbd3a295661640c929394ae12adb0248638eaf02d8
SHA512: 9b4025838ff70c094687617d48e8858d761932734ae7e2b2a3b1dddc0019fad05f26000333f05fbd8271bf59f641ae37f34109efa6cc0d864334db6fdb89c726
AgentTesla

Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures:
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext