General
- Target: gSiVHtIBk021Ayu.exe
- Size: 687KB
- Sample: 231205-v288xadc4z
- MD5: 02a5859efad4d8d57afed4ea7887337f
- SHA1: 15fee5776de725d618dbbc55bbae9aa8e899b49b
- SHA256: a96ec11040b2e20d39e3a0fd96de1932b1ba042ce2d08a39811d9011ce55409c
- SHA512: d556f7796aa1a85cf7b7354b7460c0992212969ae02757fd07c5186256939417d1fb209e676d841f61442a9fd6ce4b3df327acaec4857faabef08ebb6b7a9198
- SSDEEP: 12288:6ccopox4qqR+s43z2CX/0Gp/74gjN7LHITdojjj3yeTtpRIboAV4:Me5c2yp/74ENoBylRJAV4
Static task
- static1
Behavioral task
- behavioral1
  - Sample: gSiVHtIBk021Ayu.exe
  - Resource: win7-20231201-en
Behavioral task
- behavioral2
  - Sample: gSiVHtIBk021Ayu.exe
  - Resource: win10v2004-20231127-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: mail.integrasolusindo.co.id
  - Port: 587
  - Username: [email protected]
  - Password: QJIKJNR6N0VS
  - Email To: [email protected]
Targets
- Target: gSiVHtIBk021Ayu.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Suspicious use of SetThreadContext