General
Target: 5c63f27b81f2141ca11f4d81a235f9e683b6b9fd9d92a1f5999c70a8f950a25d
Size: 951KB
Sample: 220521-d8hk4acadk
MD5: 05855fabb20551cc0b9d3eb2dd13b01d
SHA1: 79145301fa8bffe4bb3e7079125a3b2b12216e95
SHA256: 5c63f27b81f2141ca11f4d81a235f9e683b6b9fd9d92a1f5999c70a8f950a25d
SHA512: 29479569fff75d6d1e5b80e9cf90856d97a0edb6979ddcad69fe736abb808d8f5a62848b06505736839cdca31ba9324938acdbb1688063fc6970fe4b40e4e5ec
Static task: static1
Behavioral task: behavioral1
Sample: Revised EPDA.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Revised EPDA.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: onyemachi147
Targets
Target: Revised EPDA.exe
Size: 1.2MB
MD5: 586664f077de431045afd067dcb81ba8
SHA1: c6153db7b4c2aef6fc453fdec1add91c5ab748cb
SHA256: 6643765f338fd0c0426604a1abb6ef92a456433f0a814a57c79a4c37a095653c
SHA512: ec274cd6b4a0791d3597b4a06cf74bbf1662ef424423e120ffc6ea42b82ae1bb866d056d21b443ea65f24db5a7c2685e68b443a1c6ad23c549005444c09cd532
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext