General
- Target: 1098a8aa665d5e9f93f657799015005f_JaffaCakes118
- Size: 594KB
- Sample: 240328-1ebxsahb3t
- MD5: 1098a8aa665d5e9f93f657799015005f
- SHA1: 4bfca85c4f7866d5a8c50ce8583c600294285a95
- SHA256: 480399626e44d18f78ed91b3c8340fdcf9fbb3025030d14b35090c8790aa19b0
- SHA512: c3f7b6dd85cd5cb5fcfb3090164067dbc4b00b410c44726614ffb78d0b7ae198f0bc3c9acb9c5388f83127bd376504bf9acef0e3903794f9ab9f35d83ba89e68
- SSDEEP: 12288:zikwIaHJIqslFyNO93M1t3JB8LlBG1p9Hk4FGcrl:zikhYJIrKNOKfGlBqGCl
Static task: static1
Behavioral task: behavioral1
- Sample: PO.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: PO.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: sg2plcpnl0023.prod.sin2.secureserver.net
- Port: 587
- Username: nbsupports@seshsupports.com
- Password: User@40378
Targets
- Target: PO.exe
- Size: 640KB
- MD5: 77d0521505f69632ad6740ff52a29790
- SHA1: a771c88ec2e7d267474ced87d047673de3d86df9
- SHA256: b36fafecaa9f3252bc38d71ef8d16cff142337c8f5f8e98c414a057277c7cbe1
- SHA512: 125adc6617aa5fbdab97f5ff84ad6308dcb9bb838f41df410a39f304bc448c52da03a48c84c217272a7fac7593a4a2bbfa6de1f0edaa9527924e1ee7f549f432
- SSDEEP: 12288:6spOCWdZKUZ+SPwGVG5uzVOfxYxcUR55Oue3UUBTpV501/tQ:BAVdZrZ+SPw5szyWCUHYpV5C/O
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext