General
Target: c22581a6e275d276141977cf7eb50853
Size: 488KB
Sample: 240312-b69kpaee43
MD5: c22581a6e275d276141977cf7eb50853
SHA1: bdf5f8adbeefd1776a1225f2fff84dcbff19faf1
SHA256: e1eb6222a8e97a11a12b0306cc2084152d2c53e4969178c8dcc3d94012fcdad2
SHA512: ffeecb806e2d61bbfc9cd2647a591cb63aba0269a17cda73fbc94104fe189a9ace5e4233dcbae9d1e4fe49ffd3649b6d5323c8de93e099e993af06ec3a0d8bc1
SSDEEP: 12288:Pi7n6QjBtbKjD/AkVmSc0NhOLS26ni/WlQ0EC:q7nhvbKvfmkALKi/Wq0E
Static task: static1
Behavioral task: behavioral1
Sample: c22581a6e275d276141977cf7eb50853.exe
Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.rajapindah.com
Port: 587
Username: rizky@rajapindah.com
Password: #r4j#citeureup#13
Targets
Target: c22581a6e275d276141977cf7eb50853
Size: 488KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext