General
-
Target
978cfe7b4cf22cde74a9544abfcbbb99fcb58606039d520d1aa6d48599f7bfcc
-
Size
421KB
-
Sample
220521-cysgwaefg4
-
MD5
89a37bd748278a9420ae36ec94558bbc
-
SHA1
c41452dfb13483e932c496ee3544ec41ac0bbda1
-
SHA256
978cfe7b4cf22cde74a9544abfcbbb99fcb58606039d520d1aa6d48599f7bfcc
-
SHA512
f68983e5771b6798c800801a8dfc99c500b6dac71c124ce83bed9dd5b4279c2405e9374b5eb2f9122120efee1b033cee1581d9436c567c7478f31875dbd8f0bf
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.mkkarakosemobilya.com - Port:
587 - Username:
[email protected] - Password:
MKkkmbly@2019
Targets
-
-
Target
e ssssssssss.exe
-
Size
532KB
-
MD5
6a7bea227f0410cd0a29d5ec46dc2162
-
SHA1
c96ddd2b3e3926b030cb06636c963fa3f05e0f88
-
SHA256
fe4deeb84628c321aff86bc7fd0edfa70aebc3f2dd302c18cf8a5715cb8b09e8
-
SHA512
76c663adb6809e3d817d4e6b3e0900841351b5a48211554ff53d992e0572693e5526cab1a13c7b6f1696011b14059b67dabcf342244224e8f486d40308840c38
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-