General

Target: d0063dabacc1569353b846cd664cf979784b4855d03e6ed4fc0ef7f013a0bad9.exe
Size: 824KB
Sample: 241112-dgg59atcma
MD5: 43e00d24337d8815e1fa91d9a0536741
SHA1: dd9db121a1ff7cf788b58f2371403ef9cc5473d8
SHA256: d0063dabacc1569353b846cd664cf979784b4855d03e6ed4fc0ef7f013a0bad9
SHA512: 2514b10ebb3269362516970ad3dc9b99e8174e977d38867062b663516920c92a925bdb134a21ceb8c9a7662381e855e38f7e01fc535707ba57b7c5531d2a6a56
SSDEEP: 24576:TgMvIxW+Bi3KvRHgca9/tJ6o4omxmOJJm:T/gV9mZtYo4B9Jm
Static task: static1
Behavioral task: behavioral1
Sample: d0063dabacc1569353b846cd664cf979784b4855d03e6ed4fc0ef7f013a0bad9.exe
Resource: win7-20240729-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.pgsu.co.id
Port: 587
Username: [email protected]
Password: Vecls16@Vezs
Email To: [email protected]
Signatures

AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Agenttesla family
Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Execution
  Command and Scripting Interpreter (1): PowerShell (1)
  Scheduled Task/Job (1): Scheduled Task (1)
Credential Access
  Credentials from Password Stores (1): Credentials from Web Browsers (1)
  Unsecured Credentials (4): Credentials In Files (3), Credentials in Registry (1)