General
Target: f1ccb98e84c802d6786b31730a4b04e3b228e673560315352527a220432b2852
Size: 563KB
Sample: 241223-fa8qqswmgj
MD5: 2ad4bb138ce8576cf93f2dc5f4812977
SHA1: 26210ac4e2a77adb374240af2b15cad53ac5b423
SHA256: f1ccb98e84c802d6786b31730a4b04e3b228e673560315352527a220432b2852
SHA512: 2aad849a1050f9c0ddd5ea14eb8f266076235a92f9b03ef263fca0d680cb17502ba986cad0ecab8dbdf2be0ccd7d15154714daa0fb41bdc55a738f6d845c0f9d
SSDEEP: 12288:beBrF1Sgbh7s1hWNIHcewmnGNuxLBdJ/aL4IUf3yZQi:aBrF1SSs1hMI8eLnvtLi+xi
Static task: static1
Behavioral task: behavioral1
  Sample: bamz.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: bamz.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.pgsu.co.id
Port: 587
Username: [email protected]
Password: Vecls16@Vezs
Email To: [email protected]
Targets
Target: bamz.exe
Size: 1.1MB
MD5: 0517167a8b5c55fa5379aec35b608a52
SHA1: 5dcf2de1c454c61de95c17b47cf05d6dc6ddfa74
SHA256: e6285b91e58a7dc662833fdf6b8a6574f871287308146d920b4e687a01974e4e
SHA512: 36e9d1a47576eb1d0d31d7f9d72f61f64d9e50b1f627595a96064f4e45bccd944b2abac4ccb198d43f1f86a07e1dd709bb1e9248a539ec3d67d06e948a6fe847
SSDEEP: 24576:mqDEvCTbMWu7rQYlBQcBiT6rprG8apUmupDm/2M+n:mTvC/MTQYxsWR7apUmu9m/M
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET; this sample sends its stolen data over SMTP using the mail server, port and account listed in the extracted configuration above.
Agenttesla family
Suspicious use of SetThreadContext (a thread-context rewrite of the kind used by process hollowing and similar injection; on its own it is an indicator, not proof of injection)
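The extracted SMTP configuration and the file hashes above are the actionable indicators in this report. As an added example (not part of the sandbox output), the following Python matches Sysmon process-creation (Event ID 1) and network-connection (Event ID 3) events against them: a hash hit on the binary, a connection to the extracted mail server on 587/tcp, and, as a weaker signal, any SMTP-submission connection from a process outside an assumed mail-client allowlist. The events, the allowlist and the paths are constructed for illustration; only the hashes, host and port come from the report.

```python
"""Match Sysmon events against the indicators from this report.

Added example, not part of the sandbox report. Only the hashes, the SMTP host
and the port come from the report; the events below are constructed.
"""
import json
from typing import Iterable, List

# File hashes from the report: the 563KB submission and the bamz.exe it runs.
IOC_HASHES = {
    "f1ccb98e84c802d6786b31730a4b04e3b228e673560315352527a220432b2852",  # submission SHA256
    "2ad4bb138ce8576cf93f2dc5f4812977",                                  # submission MD5
    "26210ac4e2a77adb374240af2b15cad53ac5b423",                          # submission SHA1
    "e6285b91e58a7dc662833fdf6b8a6574f871287308146d920b4e687a01974e4e",  # bamz.exe SHA256
    "0517167a8b5c55fa5379aec35b608a52",                                  # bamz.exe MD5
    "5dcf2de1c454c61de95c17b47cf05d6dc6ddfa74",                          # bamz.exe SHA1
}

# Exfiltration endpoint from the extracted AgentTesla SMTP config.
EXFIL_HOST = "mail.pgsu.co.id"
EXFIL_PORT = 587

# Assumed allowlist of processes expected to speak SMTP submission; tune per environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def parse_sysmon_hashes(field: str) -> dict:
    """Parse Sysmon's Hashes field ('SHA1=..,MD5=..,SHA256=..') into {ALGO: lowercase hex}."""
    hashes = {}
    for part in field.split(","):
        algo, sep, value = part.partition("=")
        if sep:
            hashes[algo.strip().upper()] = value.strip().lower()
    return hashes


def check_event(event: dict) -> List[str]:
    """Return the IOC hits for one Sysmon event (fields as exported in JSON)."""
    hits = []
    image = event.get("Image", "")
    eid = int(event.get("EventID", 0))

    if eid == 1:  # process creation: compare every reported hash against the IOC set
        reported = parse_sysmon_hashes(event.get("Hashes", ""))
        matched = [algo for algo, value in reported.items() if value in IOC_HASHES]
        if matched:
            hits.append(f"known AgentTesla sample started: {image} ({', '.join(sorted(matched))} match)")

    elif eid == 3:  # network connection: exact exfil endpoint first, then the weaker signal
        host = str(event.get("DestinationHostname", "")).lower().rstrip(".")
        port = int(event.get("DestinationPort", 0))
        exe = image.lower().rsplit("\\", 1)[-1]
        if host == EXFIL_HOST and port == EXFIL_PORT:
            hits.append(f"connection to AgentTesla SMTP C2 {host}:{port} from {image}")
        elif port == EXFIL_PORT and exe not in MAIL_CLIENTS:
            hits.append(f"SMTP submission ({port}/tcp) from non-mail-client process {image}")
    return hits


def scan(events: Iterable[dict]) -> List[str]:
    """Run check_event over a stream of events and collect all hits."""
    alerts = []
    for event in events:
        alerts.extend(check_event(event))
    return alerts


# Constructed Sysmon events in JSON (the shape a Winlogbeat/NXLog pipeline emits); not from the report.
SAMPLE_EVENTS = [
    '{"EventID": 1, "Image": "C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\bamz.exe", '
    '"Hashes": "SHA1=5DCF2DE1C454C61DE95C17B47CF05D6DC6DDFA74,MD5=0517167A8B5C55FA5379AEC35B608A52,'
    'SHA256=E6285B91E58A7DC662833FDF6B8A6574F871287308146D920B4E687A01974E4E"}',
    '{"EventID": 3, "Image": "C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\bamz.exe", '
    '"DestinationHostname": "mail.pgsu.co.id", "DestinationPort": "587"}',
    '{"EventID": 3, "Image": "C:\\\\Program Files\\\\Microsoft Office\\\\root\\\\Office16\\\\OUTLOOK.EXE", '
    '"DestinationHostname": "smtp.office365.com", "DestinationPort": "587"}',
    '{"EventID": 3, "Image": "C:\\\\Windows\\\\System32\\\\svchost.exe", '
    '"DestinationHostname": "10.0.0.5", "DestinationPort": "443"}',
]


def scan_sample_events() -> List[str]:
    """Parse the constructed events and scan them: two alerts (hash hit, exfil connection)."""
    return scan(json.loads(line) for line in SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in scan_sample_events():
        print(alert)
```

The hostname match is the high-confidence rule; the port-only rule will fire on legitimate mail software that is not in the allowlist, so it is worth keeping as a low-severity hunt query rather than a paging alert. Sysmon only records DestinationHostname when it can resolve the address, so pairing this with a DNS-log match on mail.pgsu.co.id covers the case where the field is empty.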