General
-
Target
3b56c76437eeb82b4658b8bb59a6f6f453e83f1da3f95354498eafd28414e333
-
Size
787KB
-
Sample
220521-b1992acgh9
-
MD5
79cbfbbaa50fcf69fc383dcf4f1b34c2
-
SHA1
4bb99605af43a614b9a6ed5a3d2014dffc94693f
-
SHA256
3b56c76437eeb82b4658b8bb59a6f6f453e83f1da3f95354498eafd28414e333
-
SHA512
30c1b53eaf82df7a596200a6dc9ed64392252645db0c4ffe213cbe7d62ca827d855eaaee9f8ea38c23daa676cada3260561dc8db19cd3ab7c38add9bb41a8131
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE - FOR YOUR SHIPMENTS.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
INVOICE - FOR YOUR SHIPMENTS.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
LIST OF DOCUMENTS NEEDED.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
LIST OF DOCUMENTS NEEDED.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.alvadiwipa.com
Port: 587
Username: [email protected]
Password: glodokplaza15
Targets
-
-
Target
INVOICE - FOR YOUR SHIPMENTS.exe
-
Size
477KB
-
MD5
ef97f12e3687ef7493f233ee1196740c
-
SHA1
611c9ef28edf70030cd6160d8c795fee489b184e
-
SHA256
ea027d907975381eaff6b9b98a14f303ad9f9d74b454dd55b9bd3b24b3b5baa1
-
SHA512
83012bbfc209a2c5ad36d9c395f2a59745f20912e39997203d772354ed686ba216a0f09313cd23d917e75b3149653556967c98345ff27c1e2f36af4d86f867c5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
-
-
Target
LIST OF DOCUMENTS NEEDED.exe
-
Size
477KB
-
MD5
ef97f12e3687ef7493f233ee1196740c
-
SHA1
611c9ef28edf70030cd6160d8c795fee489b184e
-
SHA256
ea027d907975381eaff6b9b98a14f303ad9f9d74b454dd55b9bd3b24b3b5baa1
-
SHA512
83012bbfc209a2c5ad36d9c395f2a59745f20912e39997203d772354ed686ba216a0f09313cd23d917e75b3149653556967c98345ff27c1e2f36af4d86f867c5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-