General
-
Target
e1f8835fc23a0b11513cac6750fd594fb853edcab74db71faedaeed3431f6ef8.rar
-
Size
530KB
-
Sample
240705-cbwk1ssbne
-
MD5
15f3e81483b60f863813297ad84390a7
-
SHA1
5195398528a44a75a42b4ce6e2fc750dee6d8901
-
SHA256
e1f8835fc23a0b11513cac6750fd594fb853edcab74db71faedaeed3431f6ef8
-
SHA512
54a2676d9bc123f41cdbdf121d62e4884bbb8e094d553de71191196188b2418d6d32ce567f7d6e5c5e5ae469b720ace3502b0b9234c224a9670a1ed269b7870a
-
SSDEEP
12288:ZMnkMbJHvjuT5qLD5MmDXkspTTRdZxBPS3c/dKxIfQ5Awq9frFA:2kujjlMmDXkGXZKsQIYAp4
Static task
static1
Behavioral task
behavioral1
Sample
ss.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
ss.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.pgsu.co.id - Port:
587 - Username:
[email protected] - Password:
Vecls16@Vezs - Email To:
[email protected]
Targets
-
-
Target
ss.exe
-
Size
1.0MB
-
MD5
6c10bc159358093f6e827b170bcddeda
-
SHA1
1e9109ffb469e5c1fa2535c74f50c6afb7f99d66
-
SHA256
664c0c690a791c1a863702884b3b3bd0aead7fabbd3ff6e46cff58f53c1cd3ff
-
SHA512
d2f781e2152b341e086573007cd06b18142be352a8470749526ec6c50da615989eef6c1313ff10b01d5f46a7c5691377f81cbd5d91ae0361f3a7a010c3c71b4d
-
SSDEEP
24576:kAHnh+eWsN3skA4RV1Hom2KXMmHaswyH8aNpmq5:zh+ZkldoPK8YasbNz
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-