General
-
Target
20966c3ba521fcc25984ab8310e29f55_JaffaCakes118
-
Size
459KB
-
Sample
240329-nb1eragc95
-
MD5
20966c3ba521fcc25984ab8310e29f55
-
SHA1
e297d0697d1d94ba7084db3441307cb24ef85e2b
-
SHA256
522395519fc98a15a72728c30e9afe1c64d7f8d9c96515c239c8a401c2fc4886
-
SHA512
dec04a4e3c2da6257aabe171d43dce8100257edc4f7971b68f9cc67c86ca793f7911661ac621018ff12b32ab5159ef8ae397b68ddab77cbab32552dd0d4ce74a
-
SSDEEP
12288:JlkctLdYh1WGvmT5C3bz4+oCeI6u1DAcC3Qn6XeQ6ZTy1:4/XWoG69NHtCcZTy1
Static task
static1
Behavioral task
behavioral1
Sample
Nuevo orden.XLXs_____________________________________________.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
Nuevo orden.XLXs_____________________________________________.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.mudanzasdistintas.com.ar
Port: 587
Username: [email protected]
Password: icui4cu2@@
Email To: [email protected]
Targets
-
Target
Nuevo orden.XLXs_____________________________________________.exe
-
Size
50.0MB
-
MD5
77b08ae81c630cc347b54ef8c1f4e804
-
SHA1
a81aeed17456ed0fcd923a4e99b41e9d42a79cc4
-
SHA256
a36a5b94a8923ae135a43b21ec38a37924fd59ef902f496f7b499cd4e4083143
-
SHA512
7acff535d8b8d4ef1255ce25c6e8171739462ca9976d271781e1d97a58f5e354d74348ec2b3829084935f98a2003374108ab2bd639ada296edbddb7b748544d3
-
SSDEEP
12288:CpvBtyYx4xp7nhIuyRFN9q8/YnoWcl4OSBuYxQpFH5GgNYP:Cp264H7nhIbTmhcl4TBxw5f
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext