General

Target: 1cafd91a3da7f8423f0a613df984674573c6a64f9766e10075f5068f9b6449f1
Size: 688KB
Sample: 231205-j9pcxsaa7w
MD5: 9e6e9a8fb065133fb442f150f35bd2f1
SHA1: 16fe76a8a68beb7ecbba79b1f0b3b597a6c7b33a
SHA256: 1cafd91a3da7f8423f0a613df984674573c6a64f9766e10075f5068f9b6449f1
SHA512: 0c7fb36e7bbfe88627ca598df350593874a23e6db54f012af79ace1dee77e5e19b664650982e755bce55baf3ba56b3f3fc910c036d43c073c0d0c972b7033763
SSDEEP: 12288:K9PDJ6YJYSQgy4Ad76izOeuT8T8/6eJllVpIa3smcwqykSXgCp8Oa1eenxc:nSUvtOe/THeJ1GwsrFGgz/fi
Static task: static1
Behavioral task: behavioral1 (Sample: jPRVaWdM8vmb5y3.exe, Resource: win7-20231020-en)
Behavioral task: behavioral2 (Sample: jPRVaWdM8vmb5y3.exe, Resource: win10v2004-20231127-en)
Malware Config

Extracted (agenttesla)
Protocol: smtp
Host: mail.abemandiri-haluan.com
Port: 587
Username: [email protected]
Password: @be2020Ju@n1+@
Email To: [email protected]

Extracted
Protocol: smtp
Host: mail.abemandiri-haluan.com
Port: 587
Username: [email protected]
Password: @be2020Ju@n1+@
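The extracted config above is everything a defender needs to hunt for this sample's exfiltration channel: the SMTP submission host and port, and the mailbox credentials the binary authenticates with. The following is an added example (not part of the sandbox report and not AgentTesla's own code) that turns that config into two checks: it scans an egress log for connections to the configured host:port, and it decodes the credentials presented in a captured SMTP AUTH LOGIN or AUTH PLAIN exchange and compares them with the config. The log format, the session transcripts and all IPs and hostnames other than the C2 host are constructed for the example; the username and recipient are carried as the redacted "[email protected]" placeholder the page shows rather than a guessed address.

```python
from __future__ import annotations

import base64
import re

# SMTP exfiltration settings as listed in the extracted AgentTesla config above.
# Username and recipient appear redacted on the page ("[email protected]"), so that
# placeholder is carried as-is rather than guessing the real mailbox.
AGENTTESLA_SMTP = {
    "host": "mail.abemandiri-haluan.com",
    "port": 587,
    "username": "[email protected]",
    "password": "@be2020Ju@n1+@",
}

# Constructed egress log in a made-up "key=value" format, one outbound connection per line.
EGRESS_LOG = """\
2023-12-05T10:02:11Z src=10.0.0.23 dst=203.0.113.7 dport=443 sni=update.example.net
2023-12-05T10:02:15Z src=10.0.0.23 dst=198.51.100.9 dport=587 sni=mail.abemandiri-haluan.com
2023-12-05T10:03:40Z src=10.0.0.41 dst=198.51.100.40 dport=25 sni=smtp.example.org
2023-12-05T10:04:02Z src=10.0.0.77 dst=198.51.100.9 dport=587 sni=MAIL.abemandiri-haluan.com
"""
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+) sni=(?P<sni>\S+)$"
)


def find_c2_sessions(log: str, cfg: dict = AGENTTESLA_SMTP) -> list[tuple[str, str]]:
    """Return (timestamp, source IP) for each connection to the configured SMTP host:port."""
    hits = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m and m["sni"].lower() == cfg["host"] and int(m["dport"]) == cfg["port"]:
            hits.append((m["ts"], m["src"]))
    return hits


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


def _unb64(s: str) -> str:
    return base64.b64decode(s).decode(errors="replace")


# Constructed client/server transcript of an AUTH LOGIN exchange. On port 587 this normally
# runs inside STARTTLS, so it is what a sandbox PCAP with TLS interception would show.
SMTP_SESSION_LOGIN = [
    "C: EHLO DESKTOP-01",
    "S: 250-mail.abemandiri-haluan.com",
    "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6",  # base64("Username:")
    "C: " + _b64("[email protected]"),
    "S: 334 UGFzc3dvcmQ6",  # base64("Password:")
    "C: " + _b64("@be2020Ju@n1+@"),
    "S: 235 2.7.0 Authentication successful",
]

# Constructed AUTH PLAIN session with unrelated credentials, to show the non-matching path.
SMTP_SESSION_PLAIN = [
    "C: EHLO DESKTOP-02",
    "C: AUTH PLAIN " + _b64("\0ops@example.org\0hunter2"),
    "S: 235 2.7.0 Authentication successful",
]


def decode_smtp_auth(session: list[str]) -> tuple[str, str] | None:
    """Recover (username, password) from an AUTH LOGIN or AUTH PLAIN exchange, else None."""
    client = [line[3:] for line in session if line.startswith("C: ")]
    for i, cmd in enumerate(client):
        parts = cmd.split()
        if len(parts) < 2 or parts[0].upper() != "AUTH":
            continue
        mech = parts[1].upper()
        if mech == "LOGIN" and i + 2 < len(client):
            # Server prompts "Username:" then "Password:"; client answers each in base64.
            return _unb64(client[i + 1]), _unb64(client[i + 2])
        if mech == "PLAIN":
            # Initial-response form "AUTH PLAIN <b64>" or the blob on the next client line.
            blob = parts[2] if len(parts) > 2 else client[i + 1]
            fields = _unb64(blob).split("\0")  # authzid \0 authcid \0 password
            if len(fields) == 3:
                return fields[1], fields[2]
    return None


def matches_config(creds: tuple[str, str] | None, cfg: dict = AGENTTESLA_SMTP) -> bool:
    """True when captured SMTP credentials are the ones baked into this sample."""
    if creds is None:
        return False
    user, password = creds
    return user.lower() == cfg["username"].lower() and password == cfg["password"]


if __name__ == "__main__":
    for ts, src in find_c2_sessions(EGRESS_LOG):
        print(f"{ts} {src} -> {AGENTTESLA_SMTP['host']}:{AGENTTESLA_SMTP['port']}")
    for name, session in (("LOGIN", SMTP_SESSION_LOGIN), ("PLAIN", SMTP_SESSION_PLAIN)):
        creds = decode_smtp_auth(session)
        print(name, creds, "matches sample config" if matches_config(creds) else "no match")
```

The hostname match is case-insensitive and keyed on host plus port rather than on IP, because the mail host's address can change while the config stays the same. A matching credential pair in a capture is the strongest confirmation that the traffic came from this build; the password is unique to the operator's mailbox, so it is worth blocking at the mail relay as well as the host.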
Targets

Target: jPRVaWdM8vmb5y3.exe
Size: 801KB
MD5: 6f344de51a7f57840d6df5a2e70dbb21
SHA1: d155fd5798669402c8b4337e096ca8098d8c3b1d
SHA256: 1c54f54681ddff97363629a18f7576a9140e50a8b1e40bbd4f3a1fc003d794a5
SHA512: 01b658ab39871d70e522b785479e3644d5c1048f9955964bc6253cf971a68857d5126a98582a1d9520dd805b3ba7d7459fef28bfe6be4609d9a96c31a9a2b926
SSDEEP: 12288:cEKE6jD/62iNG5nF8asmyNmPzUTU3VVS/EnJ3nYjZTLMokBjoQz:cEKtD/61IJ/gTH/ENYjZL5kBM6

Note that these hashes and this size differ from the submitted file listed under General (688KB, SHA256 starting 1cafd91a3da7); hunt on both sets.
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer written in Visual Basic .NET; this build exfiltrates over SMTP using the extracted config above.

Adds Run key to start application
Persistence: a value written under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) relaunches the executable at every logon.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the step in process hollowing that redirects a suspended child's execution to injected code.
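The two behavioral signatures above are the kind of thing an analyst re-checks in the raw sandbox API trace rather than trusting the label alone. The following is an added example (not the sandbox's own signature logic and not code from the report) that runs both checks over an API trace: it reports every write into a Run or RunOnce key, and it reports a child process that was created with CREATE_SUSPENDED and then written to and redirected with SetThreadContext by the same parent, which is the process-hollowing sequence the SetThreadContext signature points at. The event schema, pids, paths and the Run value name are constructed for the example; the report does not say which process was hollowed or what the Run value is called.

```python
from __future__ import annotations

import re
from collections import defaultdict

# dwCreationFlags bit documented for CreateProcess: child starts with its main thread suspended.
CREATE_SUSPENDED = 0x00000004

# Run and RunOnce autostart keys, under either HKCU or HKLM.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE
)

# Constructed sandbox API trace in a made-up schema (not the report's own data): calling pid,
# API name, and the arguments a behavioral sandbox records. pids, paths and value names are
# invented; the report does not say which process is hollowed or what the Run value is called.
EVENTS = [
    {"pid": 1200, "api": "RegSetValueExW", "args": {
        "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
        "value": "updater",
        "data": r"C:\Users\victim\AppData\Roaming\updater.exe"}},
    {"pid": 1200, "api": "CreateProcessW", "args": {
        "path": r"C:\Windows\System32\hostproc.exe",
        "dwCreationFlags": CREATE_SUSPENDED, "target_pid": 1344}},
    {"pid": 1200, "api": "NtUnmapViewOfSection", "args": {"target_pid": 1344}},
    {"pid": 1200, "api": "WriteProcessMemory", "args": {"target_pid": 1344, "size": 0x2A000}},
    {"pid": 1200, "api": "SetThreadContext", "args": {"target_pid": 1344}},
    {"pid": 1200, "api": "ResumeThread", "args": {"target_pid": 1344}},
    # Benign noise: a normal child start, an unrelated registry write, and a thread-context
    # call against the caller's own process (what a debugger or exception handler does).
    {"pid": 900, "api": "CreateProcessW", "args": {
        "path": r"C:\Program Files\App\helper.exe", "dwCreationFlags": 0, "target_pid": 1500}},
    {"pid": 900, "api": "RegSetValueExW", "args": {
        "key": r"HKCU\Software\App\Settings", "value": "Theme", "data": "dark"}},
    {"pid": 900, "api": "SetThreadContext", "args": {"target_pid": 900}},
]


def find_run_key_persistence(events: list[dict]) -> list[tuple[int, str, str]]:
    """Return (pid, value name, command) for every write into a Run/RunOnce key."""
    hits = []
    for ev in events:
        if ev["api"] in ("RegSetValueExW", "RegSetValueExA") and RUN_KEY_RE.search(
            ev["args"]["key"]
        ):
            hits.append((ev["pid"], ev["args"]["value"], ev["args"]["data"]))
    return hits


HOLLOW_FOLLOWUPS = ("NtUnmapViewOfSection", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def find_process_hollowing(events: list[dict]) -> dict[int, list[str]]:
    """Map each hollowed child pid to the ordered steps seen: CreateProcess(CREATE_SUSPENDED)
    by a parent, followed by that same parent writing the child's memory and calling
    SetThreadContext on it. Only children with both of those follow-ups are reported."""
    parent_of: dict[int, int] = {}
    steps: dict[int, list[str]] = defaultdict(list)
    for ev in events:
        args = ev["args"]
        is_create = ev["api"] in ("CreateProcessW", "CreateProcessA")
        if is_create and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            parent_of[args["target_pid"]] = ev["pid"]
            steps[args["target_pid"]].append("CreateProcess(CREATE_SUSPENDED)")
        elif ev["api"] in HOLLOW_FOLLOWUPS:
            target = args.get("target_pid")
            # Only count follow-ups issued by the parent that created the suspended child.
            if parent_of.get(target) == ev["pid"]:
                steps[target].append(ev["api"])
    return {
        child: seen for child, seen in steps.items()
        if "WriteProcessMemory" in seen and "SetThreadContext" in seen
    }


if __name__ == "__main__":
    for pid, name, cmd in find_run_key_persistence(EVENTS):
        print(f"pid {pid}: Run key persistence {name!r} -> {cmd}")
    for child, seen in find_process_hollowing(EVENTS).items():
        print(f"child pid {child} hollowed: {' -> '.join(seen)}")
```

Requiring both WriteProcessMemory and SetThreadContext against a child the same parent started suspended keeps the check from firing on legitimate suspended starts (installers, debuggers) or on SetThreadContext against the caller's own threads; NtUnmapViewOfSection and ResumeThread are recorded when present but not required, since some injectors skip the unmap and some sandboxes miss the resume.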