General
-
Target
19e9de4774c14c25266a3eaf27570da5_JaffaCakes118
-
Size
552KB
-
Sample
240329-gcx8fsah7w
-
MD5
19e9de4774c14c25266a3eaf27570da5
-
SHA1
84d6c60a726b9a7025fc7fc23fd05f4497eed1c0
-
SHA256
1e04cb60e7b3ed0c2ddc5402dfc30ff1c7ca1c0bd059d0a2bc4f3d49144629b3
-
SHA512
11e0e36d1d4555e37d4ea7129dcdccce11c3aa27de5ffd116f5287ba277d66bfe3ec3469306a95bc5608e8f46311a96d837e66b3dfa8aa45c3b90e8ed7752174
-
SSDEEP
12288:hG1+XhdrDdG2clP3QLKgAi/pXqL7hvSQBDo4NiphCozt:hdxd/dG2gJYxcNTBDvUpt
Static task
static1
Behavioral task
behavioral1
Sample
Curriculum Vitae.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Curriculum Vitae.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.ofilsysterns.com - Port:
587 - Username:
[email protected] - Password:
@o^M)K*1
Targets
-
-
Target
Curriculum Vitae.exe
-
Size
480KB
-
MD5
8707c62068f99685b8896f703217ce1b
-
SHA1
b96b52bbe4d1800a00eb33f4c1f228c7404bc005
-
SHA256
90bb4acf70c8626f3ce6a9630437883bbfc62ae8ad344b673a8f005ce9d2ac30
-
SHA512
bd4ec5c3f392c6a685dbe04fbac73539a85e1bf7b563f71865929c37d5fd8d8776c3fd6fb8c3ccf2b994dc5f6dae26a8581f8fe1637169c193ce83532662eaeb
-
SSDEEP
12288:kxXrbOHGrhb3S2tldN/7qOwuF+PLFeIiTNk:KbCQlX/7qO7gxeLTNk
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-