General
-
Target
00d23c90c271e6a56d27152984c2c216_JaffaCakes118
-
Size
1.2MB
-
Sample
240328-jp24aadd87
-
MD5
00d23c90c271e6a56d27152984c2c216
-
SHA1
a74cabda8bf593e6f1d633ff43046ad9a6463295
-
SHA256
8b3d67af35fb4f72b88b3ccf0791b8c1c071908d0f39f4a33f96a485577559e8
-
SHA512
70419d3742d9777330695e52390a9305b28f5f960c95d502359d13b0b088b4204de852bb14edd34f216ce3726dd66d45d9afdac854d326b0bb586fb7cdfa1f7c
-
SSDEEP
12288:DahvCU+Zu/dmvRhzOwaaujMgtyFFiNMQpVddc+v0:DSKU+sOv7UjMgtyv+pVp
Static task
static1
Behavioral task
behavioral1
Sample
Halkbank,doc 29092021.7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Halkbank,doc 29092021.7.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.topfrozenfoodbrand.com
Port: 587
Username: cuenta@topfrozenfoodbrand.com
Password: Everest10account
Email To: account@topfrozenfoodbrand.com
Targets
-
Target
Halkbank,doc 29092021.7.exe
-
Size
601KB
-
MD5
94b6f876789768ac05133078ac969d96
-
SHA1
3a8f556b950bfa45bd3889bcda39ff8f87df96e2
-
SHA256
75c5f0200804fc3bbe1c14cba4ddf517c4fa5785806f02424e68a9070d7fd9d2
-
SHA512
bb86e03fe3fbfb78e0d83bc4f8d5efefa71da8706d21671d340c5e8ceb9a9f20546f8c7fbf5c64fcb0fdcaa244d52673a73ca39c8291a00ddd40378c5d1cbfa6
-
SSDEEP
12288:IahvCU+Zu/dmvRhzOwaaujMgtyFFiNMQpVddc+v0:ISKU+sOv7UjMgtyv+pVp
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext