General
-
Target
3f0ba3fa47019589524c8bb5c2972d5f04690836fb55edba36cfc46be70fcfde
-
Size
489KB
-
Sample
220521-ay13xaeabp
-
MD5
5563d8df483e389931a1971a936f7af6
-
SHA1
a5ed2677ac2aa2d15ad47eb124a960aabccde519
-
SHA256
3f0ba3fa47019589524c8bb5c2972d5f04690836fb55edba36cfc46be70fcfde
-
SHA512
42144f35e15cf293e8f1c189d12c449ea34594def87972c7592bf378753d58e915c339cde8a4f15876314edaa489c1e56cdbb5561aeb5ea59b7fd0e243c5e62a
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.millndustries.com - Port:
587 - Username:
[email protected] - Password:
s@X?j9y~sK3g
Targets
-
-
Target
shipping doument.exe
-
Size
606KB
-
MD5
df464a927fa22e0d5a60ab2cfb494167
-
SHA1
837f52e134d62a29cf638b4b0b26055a11355870
-
SHA256
fb48b5cc967c5bea1799607218168a28acf394c89b5d89de2b7a98ad1a2e0c8c
-
SHA512
328ffbb284f4b24fe02c200bc173986d259ad86661af8bc4a3e45cfcb52307dbae316bf587adbe88d8c42f412c198528cb8dea269f4abe2c23359e5416147959
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-