General
- Target: a423d20538a3ed387be79e95ac7b33d017544c2107436cf9ba4c30cf3cc67965
- Size: 762KB
- Sample: 240612-b4l2lsyalp
- MD5: fc00b5619d6ae61462d650846f99a94c
- SHA1: f564fba996dcff200dd25f70e91a191993284c1e
- SHA256: a423d20538a3ed387be79e95ac7b33d017544c2107436cf9ba4c30cf3cc67965
- SHA512: e70f32bcd13ae1bcb883d4133d484dd634d1646a9240ac6c24ff811a102ca730482d01f1b59cd7b1ca57af0239c094968e0c3829d998710bef7199719f5bda2d
- SSDEEP: 12288:kiZaD3HH3DI+y7kE8tgwIONzp7gfvydBgAUxr6+jRbk8RznRKx1rsJj:xZajH3DIf8tgE5Ky/nUxmIxVwxFsJj
Static task: static1
Behavioral task: behavioral1
- Sample: a423d20538a3ed387be79e95ac7b33d017544c2107436cf9ba4c30cf3cc67965.exe
- Resource: win7-20240508-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.funworld.co.id
- Port: 587
- Username: [email protected]
- Password: fwp123mail
- Email To: [email protected]
Targets
- AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
- Suspicious use of SetThreadContext