General

Target: NEW P-O.exe
Size: 463KB
Sample: 201109-jcea78159s
MD5: ff31007a5c8ff2672b1388b3630e62c3
SHA1: caffa8d8f535c738aecc376162cc9cfb62931afc
SHA256: f06f3723235acd9307e495542a10790ac22b8b894954484b02746409802fde10
SHA512: e68f883b056f44831896e5b84d927c966e79a6ff905c614c4a0f6a578b9e2533ed295b7230d1eef99d0b9db3e256e295f7a4d4c6a4b840ea2a9b1c5f8ad7a759
Static task: static1
Behavioral task: behavioral1
Sample: NEW P-O.exe
Resource: win7v20201028 (the Windows 7 sandbox image used for the behavioral run)
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.rajapindah.com
Port: 587
Username: rizky@rajapindah.com
Password: #r4j#citeureup#13

This is the sample's exfiltration configuration: Agent Tesla in SMTP mode mails harvested credentials, keystrokes and screenshots to the configured mailbox over the mail submission port (587). The host, port and mailbox are the indicators to record. The mailbox and password belong to the operator and are not credentials to use, and the mail server itself may be a legitimate, possibly compromised, host rather than dedicated attacker infrastructure, so a block on the domain alone can hit ordinary mail.
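Turning the extracted config into a detection, as an added example that is not part of the report or of any sandbox tooling. It assumes a simplified connection/SMTP log with one JSON record per line (the records below are constructed, not from the analysis) and scores each record by how much of the exfiltration endpoint it matches. It also handles the practical failure mode: once the session negotiates STARTTLS on port 587, the envelope (sender, recipient) is encrypted, so a passive sensor only sees the destination host and port.

```python
import json

# Exfiltration endpoint as extracted from this sample's config (values from the report).
# The password is deliberately left out: it is an indicator to record, not a credential to use.
AGENTTESLA_SMTP = {
    "host": "mail.rajapindah.com",
    "port": 587,
    "mailbox": "rizky@rajapindah.com",
}

# Constructed sample log (not from the report): one JSON record per line with the
# fields a connection/SMTP log typically exposes. 10.0.0.21 stands in for the infected
# host; the other rows are decoys that show what must NOT be flagged at high confidence.
SAMPLE_LOG = """\
{"ts": "2020-11-09T10:01:02Z", "src": "10.0.0.21", "dst_host": "mail.rajapindah.com", "dst_port": 587, "starttls": false, "mailfrom": "rizky@rajapindah.com", "rcptto": ["rizky@rajapindah.com"]}
{"ts": "2020-11-09T10:06:40Z", "src": "10.0.0.21", "dst_host": "mail.rajapindah.com", "dst_port": 587, "starttls": true, "mailfrom": null, "rcptto": null}
{"ts": "2020-11-09T10:07:10Z", "src": "10.0.0.40", "dst_host": "smtp.office365.com", "dst_port": 587, "starttls": true, "mailfrom": "alice@example.com", "rcptto": ["bob@example.com"]}
{"ts": "2020-11-09T10:09:00Z", "src": "10.0.0.55", "dst_host": "mail.rajapindah.com", "dst_port": 25, "starttls": false, "mailfrom": "sales@example.com", "rcptto": ["info@rajapindah.com"]}
"""


def classify(rec, cfg=AGENTTESLA_SMTP):
    """Return a confidence level ("high", "medium", "low") for one record, or None."""
    host_match = (rec.get("dst_host") or "").lower() == cfg["host"]
    port_match = rec.get("dst_port") == cfg["port"]
    envelope = set()
    if rec.get("mailfrom"):
        envelope.add(rec["mailfrom"].lower())
    for addr in rec.get("rcptto") or []:
        envelope.add(addr.lower())
    # Strongest signal: the operator's own mailbox appears in the envelope.
    if cfg["mailbox"] in envelope:
        return "high"
    # Same host and submission port. After STARTTLS the envelope is encrypted, so
    # host + port is all a passive sensor gets; still worth an alert from a workstation.
    if host_match and port_match:
        return "medium"
    # Host only: the server may be a legitimate (possibly compromised) mail server,
    # so ordinary mail to the domain is reported at low confidence, not blocked.
    if host_match:
        return "low"
    return None


def find_exfil(log_text, cfg=AGENTTESLA_SMTP):
    """Scan a newline-delimited JSON log and return the records that match the config."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        level = classify(rec, cfg)
        if level is not None:
            hits.append({"ts": rec["ts"], "src": rec["src"], "level": level,
                         "starttls": bool(rec.get("starttls"))})
    return hits


if __name__ == "__main__":
    for hit in find_exfil(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']:<12} {hit['level']:<6} starttls={hit['starttls']}")
```

Run against the constructed log this yields one high-confidence hit (plaintext session carrying the operator mailbox), one medium hit (same host and port, envelope hidden by STARTTLS) and one low hit (port 25 mail to the domain from a different host). The medium case is the one that matters in practice: a DNS or SNI match on the host plus port 587 from a user workstation is usually the only network evidence a real Agent Tesla infection leaves.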
Targets

Target: NEW P-O.exe
Size: 463KB
MD5, SHA1, SHA256, SHA512: as listed under General above (same file)
AgentTesla
Agent Tesla is an information stealer and remote access tool (RAT) built on the .NET framework; the extracted config above shows this build reporting over SMTP.

AgentTesla Payload

- Disables Task Manager via registry modification. The usual mechanism is a DWORD DisableTaskMgr=1 under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System; the report does not show the exact write, so confirm the key and value in the behavioral registry log.
- Drops file in Drivers directory. The report gives no path for the dropped file; check the file-write events before reading anything into it.
- Suspicious use of SetThreadContext. Setting the thread context of another process is a hallmark of process hollowing (a suspended child is created, its image is replaced, and the entry point is redirected through SetThreadContext before the thread is resumed), a loader technique commonly used to run the Agent Tesla payload inside a legitimate-looking process.
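A host-side check for the first payload signature, as an added example that is not part of the report. It scans Sysmon Event ID 13 (RegistryEvent, SetValue) records, here constructed as Python dicts with made-up SID and image path, for the Policies\System lockdown values being set to a non-zero DWORD. It generalises the report's Task Manager signature to DisableRegistryTools, which lives under the same key and is abused the same way, and it ignores writes that clear the value (data 0), which is what a cleanup or policy refresh looks like.

```python
import re

# Policy key that Task Manager honours; a DWORD DisableTaskMgr=1 here is the standard
# way malware hides itself from the user. Matched case-insensitively under HKU or HKLM.
POLICY_KEY = r"\Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Lockdown values under that key worth alerting on. DisableRegistryTools is added as a
# generalisation of the report's Task Manager signature (same key, same class of effect).
LOCKDOWN_VALUES = {
    "DisableTaskMgr": "Task Manager disabled",
    "DisableRegistryTools": "Registry Editor disabled",
}

# Sysmon renders DWORD data as e.g. "DWORD (0x00000001)".
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")

# Constructed Sysmon Event ID 13 records (not from the report). The SID and image paths
# are made up; only the key path, value names and data format are real.
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\user\AppData\Roaming\NEW P-O.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001" + POLICY_KEY + r"\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001" + POLICY_KEY + r"\DisableTaskMgr",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\user\AppData\Roaming\NEW P-O.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "Details": "DWORD (0x00000001)"},
]


def parse_dword(details):
    """Return the integer value of a Sysmon DWORD 'Details' string, or None if not a DWORD."""
    m = DWORD_RE.fullmatch(details or "")
    return int(m.group(1), 16) if m else None


def lockdown_hit(ev):
    """Return a finding dict if the event sets a lockdown value to non-zero, else None."""
    if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
        return None
    target = ev.get("TargetObject", "")
    key, _, value_name = target.rpartition("\\")
    if value_name not in LOCKDOWN_VALUES:
        return None
    if not key.lower().endswith(POLICY_KEY.lower()):
        return None
    data = parse_dword(ev.get("Details"))
    if not data:  # None (not a DWORD) or 0 (value being cleared): not a lockdown
        return None
    return {
        "image": ev.get("Image"),
        "hive": target.split("\\", 1)[0],
        "value": value_name,
        "data": data,
        "finding": LOCKDOWN_VALUES[value_name],
    }


def scan(events):
    """Run lockdown_hit over a sequence of events and return the findings in order."""
    return [hit for hit in map(lockdown_hit, events) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"{hit['finding']:<24} {hit['hive']:<5} {hit['value']}={hit['data']} by {hit['image']}")
```

On the constructed events this reports the two non-zero writes by the sample and stays quiet on the value being reset to 0 and on the unrelated Explorer setting. Group Policy processing legitimately writes these values too, so in production the image field is what separates an infection from policy: baseline the processes allowed to touch the Policies\System key and alert on everything else, rather than on the value alone.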