General

Target: c259b8829b8122e2c53e6ae18f6077aa5587848c15f2225cf8a3da9dfac7ccda
Size: 507KB
Sample: 220521-xjj76sbha8
MD5: 49d88fadb69db6aff4878d756f50c9ff
SHA1: 4293dd56e609e41c184efccfe5ee32ef06677aae
SHA256: c259b8829b8122e2c53e6ae18f6077aa5587848c15f2225cf8a3da9dfac7ccda
SHA512: 5cb084cbb4b5a0b34bd23f9feef894e83aad5ab6b7c64bb9f0aa7b674f850391c6ba48512110ac01c959f6a0947c31f57b9bd8477c02d1d8c5436b2b5d51a117
Static task: static1

Behavioral task: behavioral1
Sample: Delivery Note - AWD 200038485852- 2349203000700.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Delivery Note - AWD 200038485852- 2349203000700.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.persisiciptautama.com/
Port: 21
Username: log@persisiciptautama.com
Password: invisible1234
Extracted
Protocol: ftp
Host: ftp.persisiciptautama.com
Port: 21
Username: log@persisiciptautama.com
Password: invisible1234
Targets

Target: Delivery Note - AWD 200038485852- 2349203000700.exe
Size: 692KB
MD5: edf7233e91d854d4fab7545bb95b54fb
SHA1: 664d328cc91fba9637532b05d1e188241b2fabcd
SHA256: b66a9674ccc165eebf25c3e0328e5af3435761cb21b18210d5d25cfba72f0a12
SHA512: f258ebc3094ed8542f0d446a61fcbd542a674a0e8216af77aa4ba4dcd1cb9f6be642d1b76f9b4558ebec8a644c166f1b4fed5ed53c520cfa56d28e9f72caff9f

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext