General
- Target: 5f2d4ef9bf4aac8ea133268815414aca14083f0bec52de35d151f2eefbb309c2
- Size: 576KB
- Sample: 220521-btt98scea8
- MD5: d24d04ba28c1cf07ae2d562f5929373a
- SHA1: 4d19dd2779c62f1624691adeb424b9884f791bbd
- SHA256: 5f2d4ef9bf4aac8ea133268815414aca14083f0bec52de35d151f2eefbb309c2
- SHA512: 05e2b6167aee69e89b4a697d536f3434e4d9e53c5ab824da1ffae655af0569b080aa83415078428a6129b20b5095a3959a9975ff5f8864e68f3b2ac934e8b09b
Static task: static1
Behavioral task: behavioral1
Sample: PO-11059021022021.......pdf.exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.dianaglobalmandiri.com
- Port: 587
- Username: [email protected]
- Password: Batam2019
Targets
- Target: PO-11059021022021.......pdf.exe
- Size: 720KB
- MD5: 3e5c33f7b75d087ef1e5ff8fe7585f1a
- SHA1: d2592e11aff5472be101384583ecad21b1384151
- SHA256: f37fbb193f6ba57d318e7f5333fa7870282de9b3322e024c65d89977d2ec594c
- SHA512: ded2f0a038ef57ed94431b0e30207e2f533284077076c2969ef3cfe4b929827b439f52c6236e8b370c4ed45e318b930bb57143d2148d4af5d8f401a8bf90e0f0
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext