General
- Target: c9c44182868f91d736d02f2ef8affbad3ded1952ec30dc38dc5322a6daf80668
- Size: 428KB
- Sample: 220520-3tgspahec7
- MD5: fad93009675a79c98c375d8c437c44c2
- SHA1: ab49f07797776813687d6c1d294901e5cecc8b77
- SHA256: c9c44182868f91d736d02f2ef8affbad3ded1952ec30dc38dc5322a6daf80668
- SHA512: fd85a2e437cfb6eac2c5909f8ce0b041e48f214d7289005c173ddab98219d82004983c903f45775f9d334e2a8ffac113eec072247c4ba01767499bcf98b98b11
Static task: static1
Behavioral task: behavioral1
- Sample: DKL009202007.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: DKL009202007.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: prosper12
Targets
- Target: DKL009202007.exe
- Size: 473KB
- MD5: 1c9989ecca8c2147cf55c48739fc3e3f
- SHA1: ddf7fd5840ecb44b37da1bda00c772abfa1c7c52
- SHA256: 3635089459144adafcae9fe463065b9c67dab179b0822f685fd630a7d5821b51
- SHA512: bae9a22e0492c00d436ebd05644e6b66a3467423edcb103f8a8aac82efd7d73e3c59fe77e1f6b1a2d262acecd1d79e1758b642137ed2010b89d90022d03fbf8f
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext