General
Target: b5abda4bfe4a155cf62329e7b46e4bbe6e9c52476db77fbae7768890ece57646
Size: 250KB
Sample: 220521-m1r91afhfn
MD5: 9a08312459725f39441bb9420f804d4e
SHA1: c8a2c338e9bbc57923f763e2edab1544de2baeb8
SHA256: b5abda4bfe4a155cf62329e7b46e4bbe6e9c52476db77fbae7768890ece57646
SHA512: 90ff89e4fbd002d37b6435b683b9715d61e46003544f499176de3b293a514dd20be0166372e1348dce82e910c1b665d0d6d48abed2a221a19ae60c8cc184f37d
Static task: static1
Behavioral task: behavioral1
  Sample: 3678811123_PDF.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 3678811123_PDF.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.sman22sby.sch.id/
Port: 21
Username: [email protected]
Password: lCbu4QNBjE
Targets
Target: 3678811123_PDF.exe
Size: 358KB
MD5: bd0e4294b5dbd169ea5afb69bd1c8afb
SHA1: a6690a46491639447f0e1f51542c8ba7b35b5259
SHA256: a7b93c81adb5434f4bbb77f954f02dd01914c95d189deda48e3d456e03a5b92f
SHA512: 980991172aff9e41fd09371975bfa9b320cef3963a369492c6eb4f95a3392d30b1ff1dbe65e576fbee9f2b990846966d0839b36884d4abf863e68139487a790e
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext