General
- Target: 85e678053279b100d60f9bc585c6292e51c6fcbe3692143e13033543095b8d43
- Size: 456KB
- Sample: 220521-ahqx1adbep
- MD5: 6719e7a4fc736d547f973cd5a10de08e
- SHA1: fc17107faa4591dc8d3abae69b89de9120f5c69c
- SHA256: 85e678053279b100d60f9bc585c6292e51c6fcbe3692143e13033543095b8d43
- SHA512: f374f9c47394618d3f63b8c4130df95c95f186ecae4b89bbe95b4cb3cb4cdd3a81c038cb7e3e6b07f607ef0d59a1e067d483f7947c8ecf20faed6d4df5412326
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Purchase Order for 0514 BUY F20.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: Purchase Order for 0514 BUY F20.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: mail.framafilms.com
  - Port: 587
  - Username: [email protected]
  - Password: lister11
Targets
- Target: Purchase Order for 0514 BUY F20.exe
  - Size: 653KB
  - MD5: b91b19a2a9241a966bac1b779f535a9a
  - SHA1: f0c42c1e4c4e8c55f87f2dd2ec804dea5facd1a2
  - SHA256: 6bce48adaa5e0a1cd54afd864f5c494102cb7641c5552a5d8e5999f700738a2f
  - SHA512: 2e5d97d3fb877910739cc2e4da649208004a5696c1278c3c56f5ea47bb7eaecfe483f6bb83e7393e55c93064ba369961dbdd35ef7747ae3e8ba3daff0e3e0bba
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext