General
Target: 1dae68e30d02e6a06edd4daa95735f0b_JaffaCakes118
Size: 1.2MB
Sample: 240329-kp5d3sdd61
MD5: 1dae68e30d02e6a06edd4daa95735f0b
SHA1: c44a482e9c9144f949e727dd2802bd3461b8bceb
SHA256: efbd6abe40e680c9fded2f8170a6d0e0bd9db8c81311cc6b6f9c4d89d56967be
SHA512: addffcb851053c066ac8459052691da408d8c749f80f41b454196b3162593f741838c730198afe6d1beeea2ec1480f831d84859c09ec3d23d19115478e6fdca6
SSDEEP: 12288:zwyV1lzekhtihXIQi+5S046lrRp5W7IF+90RHXYpJSB:0yV/eoK/5DNH5W7IFqAVB
Static task: static1
Behavioral task: behavioral1
  Sample: SWIFT COPY.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: SWIFT COPY.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: e)cnIdR1
Targets
Target: SWIFT COPY.exe
Size: 550KB
MD5: 1836407a4605fecf877eabf01ab0d84f
SHA1: 8e006502062531567776e6315a031eac91c7a2f2
SHA256: da329fd60cb3519d400f3ba48692d3a3d79864dfeb51a43db56b6d12982cd3cb
SHA512: 01751f101343e3b060023052cd7aad557739ada3cd00685b5dda6735676772c3d6c0de0414b0589050f5e4a0a89ceeb23217b2fd558ad196b57e7a31a6de6b91
SSDEEP: 12288:2wyV1lzekhtihXIQi+5S046lrRp5W7IF+90RHXYpJSB:lyV/eoK/5DNH5W7IFqAVB
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext