General
-
Target
c1784ab7c2eb7a051d2aaf67717d346a46bbcc273f7b463784667065ca3835c3
-
Size
398KB
-
Sample
220520-3v2jgshfa4
-
MD5
646ad9b23c61a9d630a31b55296e2786
-
SHA1
b6fccc3f8c773a47b60b00ba774e3e531e6ae764
-
SHA256
c1784ab7c2eb7a051d2aaf67717d346a46bbcc273f7b463784667065ca3835c3
-
SHA512
0a1e931e3ae2c7bfedddedb58f25a7282080d9dd1030cf0d6af1e2ee5f32d29529fa7cba478fdd67f688673e4bb6de6e4ecf8b604b2ad5837cda41b2cfab9acc
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
faith12AB
Targets
-
-
Target
Payment Copy.exe
-
Size
453KB
-
MD5
e938abf6b370dc32e811826c589e0159
-
SHA1
060d204f1faa1f3ddbb517e54f4b1ddebd472526
-
SHA256
9d5c49535278e4104eb439e9403bf70554ac3da0d871a0c2b386c40831eb1c3d
-
SHA512
1f4b6a8a749d1c4a586c59d47283c08f57caa7c7cd74e7333048d592a4f2b90f38353990db816e16e0db254bcd5968cfb68bfccfad0db33cd0f0cc96441e4aad
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-