General
Target: 298027d4982314094eb9841da056925e273e180a56d07b0ac538344a74a56ab8
Size: 419KB
Sample: 220520-3dkjmsbfdk
MD5: 65b78946fe9d26a80341a20ec5a371d4
SHA1: 0a3b620458ec03dcbd4dce9b93dbf9d36557011f
SHA256: 298027d4982314094eb9841da056925e273e180a56d07b0ac538344a74a56ab8
SHA512: a216d00ad4229847183ca6cf690fbe7662c99a78efc1349948feb0c0f0fd95689294fcb4bc7a9259764b611738ae954c38f6f69493707dfb528555fc84d814ee
Static task: static1
Behavioral task: behavioral1
Sample: Bukti pembayaran 08-06-2020.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Bukti pembayaran 08-06-2020.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.fratellidelpiano.com/
Port: 21
Username: [email protected]
Password: playboy123#
Targets
Target: Bukti pembayaran 08-06-2020.exe
Size: 486KB
MD5: e47511fbabcff88bdd6a58ecb73665c2
SHA1: f479df0c6c7aa1c5d7f06ec8161ee111782602b8
SHA256: 1809bf5f2c3064e604efdce2de7bbb8a112f99752766dd4a84235ec92c69a489
SHA512: 550520c3aba21a05fa9dff3335f8c632f4bfde71fc25bcc395aea7db02857b36b2fc7e04056c8f07fb106703eb39c63b451ff6e4af6456973f670cd79701e9a5
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext