General
- Target: c86337b831ef4541b8d4d94ffbee82dbb7e8eda9ef36397395ffa7b468ceace0
- Size: 1.1MB
- Sample: 220521-mnh6kacah3
- MD5: 3874376726b85bd41ec7aead7f126b80
- SHA1: b5d993d3c14ce4d2ec39805070ce1976f2c0786f
- SHA256: c86337b831ef4541b8d4d94ffbee82dbb7e8eda9ef36397395ffa7b468ceace0
- SHA512: 2a1c3a057499bfc1d8b4bfd64a8bd5f93411ca47980e570e932dec5749f0ceb090ab3f7882d9cbb0fe26e80ca3270f9b39f7e44ba7511c4c1c8cabbe2c18e826
Static task: static1
Behavioral task: behavioral1
- Sample: order pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: order pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.fiscalitate.eu
- Port: 587
- Username: [email protected]
- Password: ;&7]PU*4yzVJ
Extracted
- Protocol: smtp
- Host: mail.fiscalitate.eu
- Port: 587
- Username: [email protected]
- Password: ;&7]PU*4yzVJ
Targets
- Target: order pdf.exe
- Size: 1.5MB
- MD5: 0fddef8f238a557ca04148218685fe6c
- SHA1: d9cacec62d30c5f817e41a51742f8875ca59fdbd
- SHA256: 07ebe4922915c2c0b8457ac0e63ee911a319246845881005f56c5b7707f67161
- SHA512: 7f8caea85b236c1ebd0ffd7346f48d55eeef11b84d9bbd8e64180edab579c1e6c6a542ccf87635eb4284a387a373e332a3be7a87891a67443d834a6a0ebf0267
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext