General
Target: 8d5bbe14e8396ffb31b9995beb6a4f0f22dec55c8bc4ff1a2a65ef582cc52707
Size: 381KB
Sample: 220521-pvv5tabccq
MD5: 9c0d61f8df6ea5e170e4d99f61f8944f
SHA1: 237974a38f1eeb72d895343f60a961dc5a503590
SHA256: 8d5bbe14e8396ffb31b9995beb6a4f0f22dec55c8bc4ff1a2a65ef582cc52707
SHA512: c8899f183dc17f8dccaa232a23c40e1a7665e8e348ce90b4bde7c2abf7ff4f9aa6c2cfd8778faa476d440a3ab0753d89c051a6bba4cb582dd75995f698f73bce
Static task: static1
Behavioral task: behavioral1
  Sample: FHJ.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: FHJ.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dianaglobalmandiri.com
Port: 587
Username: info@dianaglobalmandiri.com
Password: Batam2019
Targets
Target: FHJ.exe
Size: 415KB
MD5: 9b8585fbf9447fad0c19f2a99579c5d8
SHA1: 95a025ac75fc76d424915bf251ed36fcb277ef64
SHA256: da9f9ad44fc0d8c99aae693acbfb999e50fd82aa095cfbfb73fdcc92a7118079
SHA512: 77df09b0e6c4149f76305efcb93a617881ccba99282d7f026717ad8177833baef08b4260155a99030db56443db52214458fa90d12cfdbb6a3c3f6b75947ffc32
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures:
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext