General
-
Target
fd78b21bc195701d9e2340ce4fa7af9136c252c7a9c7eb1d8cdfae415ba714a4
-
Size
297KB
-
Sample
220521-n8dbgsaaam
-
MD5
83840875d7e3c65b0cb34615fe2cc453
-
SHA1
9c1fc2928c4457bde0c3b1443ce1cf14171df989
-
SHA256
fd78b21bc195701d9e2340ce4fa7af9136c252c7a9c7eb1d8cdfae415ba714a4
-
SHA512
49f8bc8d322ffd312748af7da13b5c0e27493fa4d4e3967ab6d4a078744fba075c1c1e01408bae4cb192cf9e9be3ee4e7e0b2c421a435e6602689314cca6a314
Static task
static1
Behavioral task
behavioral1
Sample
gw3sbbiu.dun.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
gw3sbbiu.dun.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.askon.co.id
Port: 587
Username: ratna@askon.co.id
Password: r4tn41226
Targets
-
Target
gw3sbbiu.dun.exe
-
Size
341KB
-
MD5
5a14ecb86c759a98f4ed84147eef1173
-
SHA1
17149248793858899a5b177791226d91dd55c0b6
-
SHA256
d6003d92bb4afadbc8ee04fc35c1e3238c2bbc1ca06fecbb19b8b72c1372cc5a
-
SHA512
4e5a6c2a3e49229e0f8c0869f1f499e13e47939422e001804c160982e5b0ffcbc968966b88131521dc7c6afffde752472f66cc2cf29ed75228e091169238851b
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-