General
Target: 0c6d967f7f17e3f7d66bf81f4f6254e4_JaffaCakes118
Size: 1.2MB
Sample: 240328-wn5t1add82
MD5: 0c6d967f7f17e3f7d66bf81f4f6254e4
SHA1: 7ea48a7f6212017caa5ceb0f49b7ccd70eea987c
SHA256: 63a6df094357141041ecaa6d490c88f5b9a2f8d1641780fced6b0b07ce3d20b6
SHA512: 78c9aea681c35690a35de44c5d43ef1c14dba7d8cdae4959e692b7d68d3133b42cd57c46f2d1c3bb5e197f78a47776784977f1cee9d33b12d5f610103f4a7c5e
SSDEEP: 24576:EWeF8FYFUSDg+qoTxSkEuAp+6MTYmEE4:EyYhg+qoUk49mt
Static task: static1
Behavioral task: behavioral1
Sample: CONFIRM PROFORMA INVOICE NO 21091042 21091044.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: CONFIRM PROFORMA INVOICE NO 21091042 21091044.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.topfrozenfoodbrand.com
Port: 587
Username: compra@topfrozenfoodbrand.com
Password: Everest10purch
Email To: purchase@topfrozenfoodbrand.com
Targets
Target: CONFIRM PROFORMA INVOICE NO 21091042 21091044.exe
Size: 675KB
MD5: 21bdc587f6630da32bbb95e3edafd8a6
SHA1: 50e89252950c924ef81520b6c527459c92ec9d03
SHA256: 4c3faf064979c03b4abd8e1b0c0b64b4753d6f702401509ee4989319d079357d
SHA512: 161ad24db09927ef85b7b43f5ee206e985016ef2e57dfded4e6d00b5619aa0bc1084cc3e5f6443bbd83b0bafd71a5eab4e9473a3adc7ad2e68272841deb592e0
SSDEEP: 12288:Olf7khylvNBOFYFx2wzDa3+qoTxjmvoBjEA57st/+6Mb/YErzEEwr:qWeF8FYFUSDg+qoTxSkEuAp+6MTYmEE4
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext