General
Target: KUTIPAN REVISI.exe
Size: 1.1MB
Sample: 210421-39x7bwpkhx
MD5: 6ebc9f6c890fd621cf15158cd541013c
SHA1: 5a15b0f665c7a7f1e203e78219f4425c05599366
SHA256: cdaaf6b1093dd63f181ff64dc82990b43b02988bead33d733cce9e8fd08d8440
SHA512: 81e920832055460b8489ebebe6f22a192dcb4522e44e9421867cb0af4e0512172ce86ee28b0d8bda5b12f1bc0d2658de586606e4c3d820be824efe8702e83481
Static task: static1
Behavioral task: behavioral1
Sample: KUTIPAN REVISI.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: KUTIPAN REVISI.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.weldasys.com
Port: 587
Username: lpereira@weldasys.com
Password: Lpereira@!8391#
Targets
Target
KUTIPAN REVISI.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext