General
-
Target
7cb6a74c533cc897d3f3832ce193fc6b1100c2df08855ce65edb60c6a83b4d62.rar
-
Size
563KB
-
Sample
241122-c51rtsyndm
-
MD5
aa7845fe5861f347173a2057cd9df26b
-
SHA1
bc237a9588dab25ed2aac0952d3b7eb2d22f101c
-
SHA256
7cb6a74c533cc897d3f3832ce193fc6b1100c2df08855ce65edb60c6a83b4d62
-
SHA512
048a3ac1e4d07c36ea7f912f9284bc8c8de002c2ca3a6500f4d690305148ac5b4726836aa1d5bc8c43e95ff19c4d21001b441a5ffe517063f32d647ad6481f89
-
SSDEEP
12288:J/r1an4qTljAhIrQ4QZQ/ffEodqg9G4VO6+hDm3ZexNY/LGg3Ij3qX6io7vIZa:9hkTljDr0sfESG6OH/xOSr3bD
Static task
static1
Behavioral task
behavioral1
Sample
pmm.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.pgsu.co.id - Port:
587 - Username:
[email protected] - Password:
Vecls16@Vezs - Email To:
[email protected]
Targets
-
-
Target
pmm.exe
-
Size
1.1MB
-
MD5
19c4258489c94b50d7f6041e2ca575f1
-
SHA1
712c83d1cf46aeae6ffba68fe0bc1ec373532f2f
-
SHA256
f482d607663a330b6a2393c8c9850bba8eddc53a4f80012c17dfcc416df05880
-
SHA512
b5107250620af675bb73c64f94790b5312dc0ce77007eac915017b5675d515d97238b1a9b5984e134b84bc00be0805778e72b255f60fab5ed15dcc146b023b87
-
SSDEEP
24576:0tb20pkaCqT5TBWgNQ7aiyEnGlxD0S3XEF6A:dVg5tQ7aiyEaDo5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Suspicious use of SetThreadContext
-