General

Target: 6ac54fe804688ef9a6720b52a3f5b2df85fb5918d93cfdff8855de632696758b
Size: 345KB
Sample: 240330-btkqssea2t
MD5: eb60111200f6f1bf37e3ce48fb1ab3da
SHA1: 944558446a0465be116961da50b1b35cfd8c4f8d
SHA256: 6ac54fe804688ef9a6720b52a3f5b2df85fb5918d93cfdff8855de632696758b
SHA512: 1a1d04dbfc8ddca4963ed9d34be22c8eae76f9506d8d4527d204d3e2e4aa5e790b1d5f8df772f145a1cbeab586a172dae08084243a7eeb2838990ec6ecb09624
SSDEEP: 6144:GUNva7tQ7YLxG4d6O73GEPmpDWvy6GLz9BQNQTEtwFv07t3cNTlJaf2:Gea7C77q/37mpDWvBGQcSwFeORa+
Static task: static1

Behavioral task: behavioral1
Sample: 6ac54fe804688ef9a6720b52a3f5b2df85fb5918d93cfdff8855de632696758b.exe
Resource: win7-20240319-en

Behavioral task: behavioral2
Sample: 6ac54fe804688ef9a6720b52a3f5b2df85fb5918d93cfdff8855de632696758b.exe
Resource: win10v2004-20231215-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.suryaberkatindonesia.com
Port: 587
Username: [email protected]
Password: suryaber123
Email To: [email protected]
Targets

Target: 6ac54fe804688ef9a6720b52a3f5b2df85fb5918d93cfdff8855de632696758b (345KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext