General
Target: 187a92c8144211f1e95c64641f96ae33a247d35eb9fa59a4c421d5395b5b45dc
Size: 535KB
Sample: 220521-ntd98seba5
MD5: 7e3db3074dd7c69416b3e436e38ac564
SHA1: 2748d8ef16a784688fce22d240a3a787bd515f4d
SHA256: 187a92c8144211f1e95c64641f96ae33a247d35eb9fa59a4c421d5395b5b45dc
SHA512: 4e6708c5c493ecce3c35f074748334d38f8232af7d6194c36432f3ba908b1d972affe403c0f7afeb795da2d860f314f882d020f11dc7f10efde3c649d4be8377
Static task: static1
Behavioral task: behavioral1
Sample: TT Slip.exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dianaglobalmandiri.com
Port: 587
Username: info@dianaglobalmandiri.com
Password: Batam2019
Targets
Target: TT Slip.exe
Size: 616KB
MD5: 7974c6ca97b8f4f163e0ab140701396a
SHA1: 720a76ac44ae776723d9a35b608209428a6611a5
SHA256: 8e637504c692c93f7cf0286af90f331cd2bb7961adf8bd9f2ec2f7e84db7adf7
SHA512: c56e3947151fb3df44902f0966c348e48172a80b0951bc64481d20a8e4e55db21acc64d336758c9a113e158b6f3c31772e84b44a9447dfa0de30ad01cf00d8db
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext