General
- Target: 0f22fe29dc985e7d3d69be30fb988a600becbb8648a5dc77dda4328c68f51da2
- Size: 744KB
- Sample: 240522-cmefwaha46
- MD5: 9a949d657c328eb18ec145c6b6f51fa4
- SHA1: 2dbc668a451dae3978bacba50f4ca4ceb02331a0
- SHA256: 0f22fe29dc985e7d3d69be30fb988a600becbb8648a5dc77dda4328c68f51da2
- SHA512: 41f4d39f978a4e9956e7cbf2a733ebbbd8e0e470f5429e9cbb27fc7590800b030a0bde832eef5538c9466eaa3c9f24797d5f172b6b791b629e996469986e03c5
- SSDEEP: 12288:9zun6yWn7fcpVZlu/6uHhlGrTyp94bEhu+IHMYop/zb7LkwIRpa6+HESAQoo/Tpj:cn698VVYnGrHY11N/zb7LuRpalHESA5u
Static task: static1
Behavioral task: behavioral1
- Sample: 0f22fe29dc985e7d3d69be30fb988a600becbb8648a5dc77dda4328c68f51da2.exe
- Resource: win7-20240215-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.pgsu.co.id
- Port: 587
- Username: [email protected]
- Password: Vecls16@Vezs
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.pgsu.co.id
- Port: 587
- Username: [email protected]
- Password: Vecls16@Vezs
Targets
- Target: 0f22fe29dc985e7d3d69be30fb988a600becbb8648a5dc77dda4328c68f51da2
- Size: 744KB
- MD5: 9a949d657c328eb18ec145c6b6f51fa4
- SHA1: 2dbc668a451dae3978bacba50f4ca4ceb02331a0
- SHA256: 0f22fe29dc985e7d3d69be30fb988a600becbb8648a5dc77dda4328c68f51da2
- SHA512: 41f4d39f978a4e9956e7cbf2a733ebbbd8e0e470f5429e9cbb27fc7590800b030a0bde832eef5538c9466eaa3c9f24797d5f172b6b791b629e996469986e03c5
- SSDEEP: 12288:9zun6yWn7fcpVZlu/6uHhlGrTyp94bEhu+IHMYop/zb7LkwIRpa6+HESAQoo/Tpj:cn698VVYnGrHY11N/zb7LuRpalHESA5u
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Suspicious use of SetThreadContext