General
Target: 17277cfddf40767bdcb59d1fb94ba059_JaffaCakes118
Size: 337KB
Sample: 240329-dyvgxage3v
MD5: 17277cfddf40767bdcb59d1fb94ba059
SHA1: 3eff7cfd74f03fde5d88c6372dd2df6678fb323a
SHA256: 72455e04d1234af9ffeb7c73dced2cd582287ca397db6c2fe77ca6e45f5008a4
SHA512: 90eacb7fec886c60bf498332f00304d95362c9e2eae87bf54de096dcf60580fc54fa747399df078ba9667261df74d0e2af2345027903354b26502f45ed23320a
SSDEEP: 6144:2AxjQmpg5iVWQ0icwt+65A4nj+BuHkzQa8LIXvCsQcaghINDnepplfXCLkpVE3IH:2EjBsjicJGOoLI/VQlBUPfyoI3a
Static task: static1
Behavioral task: behavioral1
Sample: 2021 NEW CATALOGUE-Eaglesmounts.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2021 NEW CATALOGUE-Eaglesmounts.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.citechco.net
Port: 587
Username: [email protected]
Password: Webana@321#
Targets
Target: 2021 NEW CATALOGUE-Eaglesmounts.exe
Size: 357KB
MD5: 70ae2bcf4e1ca6a2e4df97d690f90265
SHA1: a0c7f3398108aeb1d64b84edae64ea998fef30dd
SHA256: e65c580c2e9488a5b1d663b83bc321cfc2a0ad030381f3e16ee38665f9006e00
SHA512: dc439e8ba9d17e64bdee6d27e33ab05aeba156ac7942786b53a120fbc19e783a279df06726d89b0d1211845a681a18c7b17904696a1fc381f7a862fae4d9bc47
SSDEEP: 6144:RpW2pba1MkhBwvoCmrJSvvUNk1IbeWlnvayGBLMVjU57zB6KPQS4x3f:RpW23SBwg/MHu3bCCe7oxSWv
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext