General
- Target: 9cd7438958ebc2fd54b69944e111165a98002937ada73d4969cf1a5b914dcb43.exe
- Size: 863KB
- Sample: 241111-c9d4ma1fja
- MD5: fa00c5e8af643873a2b1f21a2ad37e53
- SHA1: 65d79942fcc89adca579223ec8d84adbabdb8da2
- SHA256: 9cd7438958ebc2fd54b69944e111165a98002937ada73d4969cf1a5b914dcb43
- SHA512: e96054c9d1b709c72b8e4fe69b2e2e8e36b91e2ca82159eccfd99c79bade92ee1a1125de96f4ea5a8b4b10b4604ba13fb5cdece694d4828fbaf6b6a7f4f7496e
- SSDEEP: 12288:uqFKqbdlEmbGq/KVtfLky6vXhcmAv++ii31whOGYgOdc9RsODSBfiuMn:uq0qbkmN/K7o/X2NZiifGYgPrmBfXM
Static task: static1
Behavioral task: behavioral1
- Sample: 9cd7438958ebc2fd54b69944e111165a98002937ada73d4969cf1a5b914dcb43.exe
- Resource: win7-20240903-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.pgsu.co.id
- Port: 587
- Username: [email protected]
- Password: Vecls16@Vezs
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.pgsu.co.id
- Port: 587
- Username: [email protected]
- Password: Vecls16@Vezs
Targets
- Target: 9cd7438958ebc2fd54b69944e111165a98002937ada73d4969cf1a5b914dcb43.exe
- Size: 863KB
- MD5: fa00c5e8af643873a2b1f21a2ad37e53
- SHA1: 65d79942fcc89adca579223ec8d84adbabdb8da2
- SHA256: 9cd7438958ebc2fd54b69944e111165a98002937ada73d4969cf1a5b914dcb43
- SHA512: e96054c9d1b709c72b8e4fe69b2e2e8e36b91e2ca82159eccfd99c79bade92ee1a1125de96f4ea5a8b4b10b4604ba13fb5cdece694d4828fbaf6b6a7f4f7496e
- SSDEEP: 12288:uqFKqbdlEmbGq/KVtfLky6vXhcmAv++ii31whOGYgOdc9RsODSBfiuMn:uq0qbkmN/K7o/X2NZiifGYgPrmBfXM
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (4)
  - Credentials In Files (3)
  - Credentials in Registry (1)