General
Target: a12ea1f302ab44feff7f43fa9edad47534ad6215abb80259995b4a46aa4dbb2e
Size: 638KB
Sample: 240913-ca3b6sxgkl
MD5: ea84c374c9fa9232f72662d71c120a6e
SHA1: a0763e0f6642e52ed85a0cd10a3227af12e0f4d6
SHA256: a12ea1f302ab44feff7f43fa9edad47534ad6215abb80259995b4a46aa4dbb2e
SHA512: 1cd4abe4fe43e058a5dcf3f15b10d3a4b04a7571591e0c7921e1a795db39194008671087a9f0bdc23f4b40abe8eaa47b861ae07a070ac00867abaeea76bae18a
SSDEEP: 12288:SDbUOXdlE3J3Mp13fDOq0nIwiheccospSZD583qudRN0YRLV:SDoO/13LXOkESZD5Oq4RNPRJ
Static task: static1
Behavioral task: behavioral1
Sample: sd.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: sd.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.pgsu.co.id
Port: 587
Username: [email protected]
Password: Vecls16@Vezs
Email To: [email protected]
Targets
Target: sd.exe
Size: 1.1MB
MD5: df7b7e59c1d0bdf4c4727b8b79fb2058
SHA1: 31e06d59c9fcae473db74ff2f5099976e2cb4302
SHA256: 3be7372f7dc6f8dbec2b12f15922aad92a022dfd930344fc076ef616d303f869
SHA512: 6b0a4d7db5869c6b1a048ed9e9b9816a365d61cb4796ec4056951c67c1e82f38d31f3120cdd5dd8b3d2bbe257e05f260232213e83c5cb13f811d995fa66c36d5
SSDEEP: 12288:4CdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgaElQpgDbL7Y:4Cdxte/80jYLT3U1jfsWaE+mpMK7LQ
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
Suspicious use of SetThreadContext