General
- Target: a5b6ce27250ec78f205ed144c4af62ed6cc5ab06f54604b3de3743f8d89027d2
- Size: 448KB
- Sample: 220521-n26z8ahfdr
- MD5: 1cf4362780869d74b4274f08ad1f71d7
- SHA1: f658d6671f8ceef3a07a2e4c17f5d44005bff4ab
- SHA256: a5b6ce27250ec78f205ed144c4af62ed6cc5ab06f54604b3de3743f8d89027d2
- SHA512: defb52c44d2215662be67ab4d45a7ff1e71920ba1ba2d3bae2003a670b4565b026a104e8dfbe04a347826b674c54d96630eadd661f19d36cce98200f1f6a43e4
Static task: static1
Behavioral task: behavioral1
- Sample: PO.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PO.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.millndustries.com
- Port: 587
- Username: [email protected]
- Password: s@X?j9y~sK3g
Targets
- Target: PO.exe
- Size: 858KB
- MD5: b7101f066b92686a5dd186ad32519241
- SHA1: 26670c4e766fe6b83a8f5c5919dc0aa7bd6fb6a1
- SHA256: 6fb8cc78162f87691a1763986603810c1993a9780e6ff1cd772486b21e6274aa
- SHA512: 17ed33df324686e423fec2b6fb7b7dbe64b9135f6b5e625553664bdf364bee48fba0399bbe63636d9adb3df6e96bb679225927a1b7d645a747f6528e1bfd9283
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext