General
-
Target
0a8bed02098a13389f0c54ac46e83a35_JaffaCakes118
-
Size
383KB
-
Sample
240328-tz97raag2x
-
MD5
0a8bed02098a13389f0c54ac46e83a35
-
SHA1
dc78b64923e2b37ec0013d3d401b6e95abb42dd8
-
SHA256
ec1ebb7d6744634e8f82e87c03e821a90e84ea038760dbec89e2c75ede498547
-
SHA512
892081be09dd3a90126d907ac7fed4803a423f8ef0ffe4a8b6a5ec30e5d5e06b33aab28229407547d184535197a21588de9e41cb306808574f8dfab84e8ec757
-
SSDEEP
6144:uP/L2N5f2RNHT462kisWaX2C5sZllVQlZe6zuOMGxSwq2hnv/+gi4Dpme8txcX+:2/C5fSFjisnb8PVQ/hzuObSLG/n/V187
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.citechco.net - Port:
587 - Username:
anando@citechco.net - Password:
Webana@321#
Targets
-
-
Target
SOA.exe
-
Size
512KB
-
MD5
5fbde32f923edf89d89dcab60b07fd86
-
SHA1
dfdd545ca3b31bf3d74bfa1598ffb2bbac987dd0
-
SHA256
e6b35b0c81fbe9a13602d49d28b382c697263672a937486910073fcb54e3b1b0
-
SHA512
45cdf0fce3f266355530157a3b61d6855810be83ac455be456a57bc3b8a2ddc684fd3862c3ba7ee82ffc34bed004b779060b21905e4386c5fa3ecf631e38a9e6
-
SSDEEP
12288:mySBeyYq6YFBpaIq8kA6UItMjk/l8tIR:wBdYZYFBvJkA6HIMD
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-