General
-
Target
sd.exe
-
Size
1.1MB
-
Sample
240913-gw2d8ayejc
-
MD5
df7b7e59c1d0bdf4c4727b8b79fb2058
-
SHA1
31e06d59c9fcae473db74ff2f5099976e2cb4302
-
SHA256
3be7372f7dc6f8dbec2b12f15922aad92a022dfd930344fc076ef616d303f869
-
SHA512
6b0a4d7db5869c6b1a048ed9e9b9816a365d61cb4796ec4056951c67c1e82f38d31f3120cdd5dd8b3d2bbe257e05f260232213e83c5cb13f811d995fa66c36d5
-
SSDEEP
12288:4CdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgaElQpgDbL7Y:4Cdxte/80jYLT3U1jfsWaE+mpMK7LQ
Static task
static1
Behavioral task
behavioral1
Sample
sd.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
sd.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.pgsu.co.id - Port:
587 - Username:
[email protected] - Password:
Vecls16@Vezs - Email To:
[email protected]
Targets
-
-
Target
sd.exe
-
Size
1.1MB
-
MD5
df7b7e59c1d0bdf4c4727b8b79fb2058
-
SHA1
31e06d59c9fcae473db74ff2f5099976e2cb4302
-
SHA256
3be7372f7dc6f8dbec2b12f15922aad92a022dfd930344fc076ef616d303f869
-
SHA512
6b0a4d7db5869c6b1a048ed9e9b9816a365d61cb4796ec4056951c67c1e82f38d31f3120cdd5dd8b3d2bbe257e05f260232213e83c5cb13f811d995fa66c36d5
-
SSDEEP
12288:4CdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgaElQpgDbL7Y:4Cdxte/80jYLT3U1jfsWaE+mpMK7LQ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Suspicious use of SetThreadContext
-