General
Target: 75947213cdcf840dece785dfffcc4045
Size: 488KB
Sample: 231226-rst6vafaak
MD5: 75947213cdcf840dece785dfffcc4045
SHA1: 0279145121d57d99bccca8385ed8eda6ebd5d8d2
SHA256: 3315f6f2235050638ef65d91c63bd8454f2ad07f08a04ab1ab6e8b6eab65361b
SHA512: 0c82d0d30b2a869b93950a85af77ee7af3fa14cb8e5dd5d9726eaa9278b9f661e0186050ef11ace3081d1972ee5b32023386b4fc3f3f9c6b116fa60c9adccb0f
SSDEEP: 12288:Oi7n6QjBtbKjD/AkVmSc0NhOLS26ni/WlQ0ECb:b7nhvbKvfmkALKi/Wq0Ec
Static task: static1
Behavioral task: behavioral1
Sample: 75947213cdcf840dece785dfffcc4045.exe
Resource: win7-20231215-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.rajapindah.com
Port: 587
Username: rizky@rajapindah.com
Password: #r4j#citeureup#13
Targets
Target: 75947213cdcf840dece785dfffcc4045 (488KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext