General
-
Target
906786dda4d680bb24ac318d8a808c3c88a46f878cabebabb3141d8b189a50e8
-
Size
757KB
-
Sample
220521-netflsgfhq
-
MD5
9f8cc1b0e4e12feace26fa09730a8502
-
SHA1
ea2441c02cb089f3342a4e28142249e4e8558b43
-
SHA256
906786dda4d680bb24ac318d8a808c3c88a46f878cabebabb3141d8b189a50e8
-
SHA512
6e9280c1e144d47f49805ebc6732bcd527962397c77a1b281332b2749b4777abe45ba4dfe20747cc11ba1fae89d487f1509f93d570b29899ff9d9a3be281986d
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.privateemail.com - Port:
587 - Username:
[email protected] - Password:
coronavirus2020
Extracted
Protocol: smtp- Host:
smtp.privateemail.com - Port:
587 - Username:
[email protected] - Password:
coronavirus2020
Targets
-
-
Target
5X40ft Containers.exe
-
Size
438KB
-
MD5
1af135fb8f6ae323f00e79fdffa28614
-
SHA1
3fda3bab855977ec61f8c8a9fc8b2afebfbbfe5f
-
SHA256
9d988ed519f6e3f6c1e9baec5fca64bbc07fbcbb09f8dd6a02d4b756d1f4ef6e
-
SHA512
4e8c6fc8aeba956d3b80717a56490fbfe311927b6d0ab3d37269fa42f7406aea1f9ecd014f4d8a0188bf0c9e4d1b22d64d3ed3280190ade061bb70ee55bebf92
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
Invoice.exe
-
Size
437KB
-
MD5
aa10879b8f8b00c5078521e6f99db403
-
SHA1
79c7248ef09e66649184d7970c21546b03d5187e
-
SHA256
1cf828a8ad1ca3748535b13a7fea8fad80ded652496afd637ec70aefe2d90fb2
-
SHA512
9838953760719a30696de24939911e451653c0cf191a1e58b71d5b9db2a1f3bab34a2472b941290dd74f669e9f350c1360f522f1809444b41155af20ffe7ad4d
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-