General
- Target: new order.exe
- Size: 580KB
- Sample: 201109-dfm5avre9j
- MD5: 84f8ac889156643db3a5fbfe7eb85cb3
- SHA1: 0424cd2eb37161e18087717362c2de57dfc91896
- SHA256: aea995774e042d4c1aba6b954eb0e771548f7edb16c4d46c8cae3dae99ce7bc1
- SHA512: 760aa5689b1092519f9dbfcb2c25672d885fc4eb0e7ae4c384a97d6c1f9d358ef3ad710c6ff0f774fdfe66ec1e1c4b24eb390a86b63f6e085cb95b8730750bd6
Static task: static1
Behavioral task: behavioral1
- Sample: new order.exe
- Resource: win7v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.rajapindah.com
- Port: 587
- Username: rizky@rajapindah.com
- Password: #r4j#citeureup#13
Targets
- Target: new order.exe
- Size: 580KB
- MD5: 84f8ac889156643db3a5fbfe7eb85cb3
- SHA1: 0424cd2eb37161e18087717362c2de57dfc91896
- SHA256: aea995774e042d4c1aba6b954eb0e771548f7edb16c4d46c8cae3dae99ce7bc1
- SHA512: 760aa5689b1092519f9dbfcb2c25672d885fc4eb0e7ae4c384a97d6c1f9d358ef3ad710c6ff0f774fdfe66ec1e1c4b24eb390a86b63f6e085cb95b8730750bd6
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Suspicious use of SetThreadContext