General

Target: TT Slip.exe
Size: 616KB
Sample: 201109-a94nyg6s4a
MD5: 7974c6ca97b8f4f163e0ab140701396a
SHA1: 720a76ac44ae776723d9a35b608209428a6611a5
SHA256: 8e637504c692c93f7cf0286af90f331cd2bb7961adf8bd9f2ec2f7e84db7adf7
SHA512: c56e3947151fb3df44902f0966c348e48172a80b0951bc64481d20a8e4e55db21acc64d336758c9a113e158b6f3c31772e84b44a9447dfa0de30ad01cf00d8db
Static task: static1
Behavioral task: behavioral1
Sample: TT Slip.exe
Resource: win7v20201028
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.dianaglobalmandiri.com
Port: 587
Username: info@dianaglobalmandiri.com
Password: Batam2019

These are the attacker-controlled mailbox credentials the stealer uses to mail out harvested data, not a victim account: the host, port and sender address are the exfiltration indicators to hunt for in outbound SMTP telemetry.
Targets

Target: TT Slip.exe (616KB; same MD5/SHA1/SHA256/SHA512 as listed under General)
AgentTesla

Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET; it harvests saved credentials and keystrokes and typically exfiltrates them over SMTP, FTP or HTTP.

- AgentTesla Payload
- Disables Task Manager via registry modification (sets the DisableTaskMgr value under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System to 1, so an operator cannot kill the process from Task Manager)
- Drops file in Drivers directory
- Suspicious use of SetThreadContext (the API redirects another thread's execution; in commodity stealers this usually means process hollowing / RunPE-style injection of the decrypted payload into a freshly created process)
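The extracted SMTP configuration and the behavioural signatures above are the parts of this report a detection engineer would turn into rules. The following Python is an added example and is not part of the sandbox report or of any sandbox tooling: it encodes the report's indicators (the sample SHA256, the SMTP host and port, and the DisableTaskMgr registry value behind the Task Manager signature) as rules and runs them over constructed Sysmon-style events. The event layout, process IDs, the SID in the registry path, and the mail-client allowlist are assumptions; the generic "SMTP from a non-mail-client" rule goes beyond this one sample on purpose.

```python
"""Turn the Agent Tesla sandbox indicators into simple detection logic."""
import re

# Indicators copied from the sandbox report (the only real data in this block).
SAMPLE_SHA256 = "8e637504c692c93f7cf0286af90f331cd2bb7961adf8bd9f2ec2f7e84db7adf7"
EXFIL_SMTP_HOST = "mail.dianaglobalmandiri.com"
EXFIL_SMTP_PORT = 587

# Registry value behind the "Disables Task Manager via registry modification" signature.
DISABLE_TASKMGR_RE = re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.IGNORECASE)

# Mail ports; a process outside the allowlist talking SMTP is worth a look.
# The allowlist is an assumption and must be tuned per estate.
SMTP_PORTS = {25, 465, 587}
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}

# Constructed Sysmon-style events (assumed layout, not real telemetry):
# EventID 1 = process create, 13 = registry value set, 3 = network connect.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "Image": r"C:\Users\user\Downloads\TT Slip.exe",
     "Hashes": "MD5=7974c6ca97b8f4f163e0ab140701396a,SHA256=" + SAMPLE_SHA256},
    {"EventID": 13, "ProcessId": 4120, "Image": r"C:\Users\user\Downloads\TT Slip.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
                     r"\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 3, "ProcessId": 4120, "Image": r"C:\Users\user\Downloads\TT Slip.exe",
     "DestinationHostname": "mail.dianaglobalmandiri.com", "DestinationPort": 587},
    # Benign control: a real mail client talking to its own SMTP server.
    {"EventID": 3, "ProcessId": 2208,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
]


def parse_hashes(field):
    """Parse a Sysmon 'Hashes' field ('MD5=...,SHA256=...') into {ALGO: hexlower}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def match_event(ev):
    """Return the names of the rules a single event trips (empty list if none)."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1 and parse_hashes(ev.get("Hashes", "")).get("SHA256") == SAMPLE_SHA256:
        hits.append("agenttesla_known_sample_hash")
    if (eid == 13 and DISABLE_TASKMGR_RE.search(ev.get("TargetObject", ""))
            and "0x00000001" in ev.get("Details", "")):
        hits.append("taskmgr_disabled_via_registry")
    if eid == 3:
        host = ev.get("DestinationHostname", "").lower()
        port = int(ev.get("DestinationPort", 0))
        # Exact indicator from the extracted config.
        if host == EXFIL_SMTP_HOST and port == EXFIL_SMTP_PORT:
            hits.append("agenttesla_smtp_exfil_c2")
        # Generic rule: SMTP from something that is not a mail client.
        if port in SMTP_PORTS and basename(ev.get("Image", "")) not in MAIL_CLIENT_ALLOWLIST:
            hits.append("smtp_from_non_mail_client")
    return hits


def scan(events):
    """Correlate hits per process: {ProcessId: sorted list of rule names}."""
    alerts = {}
    for ev in events:
        hits = match_event(ev)
        if hits:
            alerts.setdefault(ev["ProcessId"], set()).update(hits)
    return {pid: sorted(rules) for pid, rules in alerts.items()}


if __name__ == "__main__":
    for pid, rules in scan(SAMPLE_EVENTS).items():
        print(pid, rules)
```

A single registry write or a single outbound SMTP connection is weak evidence on its own; correlating several of these rules on the same process, as `scan` does, is what makes the alert worth paging on. The hash rule is only useful for this exact build, since Agent Tesla is repacked constantly, so the behavioural and network rules carry the real value.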