General
Target: 2432f9495afce1f902b01a77be81f049_JaffaCakes118
Size: 539KB
Sample: 240329-rlwfbsah89
MD5: 2432f9495afce1f902b01a77be81f049
SHA1: b6e886811c85e7128cf4ffd0371a2044b9810fea
SHA256: 4e54271b394a5aba5d380addca828a24c905d988157efc68193e41c7841bbe06
SHA512: bb76cd0230eee7768df997a1b3f43499f2279f6944345569059b71a1adf6f5fc17b690b2cf96901f26626e4f174550ca5faf4e96ff944b434eebffd9aa02d51a
SSDEEP: 12288:qYmMKSSwz1HWe0YhmY+l9eIH1XGD2OolqtePmZ:q7MKSSwz1HW+hmYABH1XGKaeq
Static task: static1
Behavioral task: behavioral1
Sample: Proforma Invoice.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Proforma Invoice.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: kerekesfoto.com
Port: 587
Username: [email protected]
Password: admin@abc123
Email To: [email protected]
Targets
Target: Proforma Invoice.exe
Size: 583KB
MD5: 0f3734934415965af2da33bbc6ba96ec
SHA1: 540d3db3a7f59b5a6fc1bee271dccefbe374ceb9
SHA256: 1a4ff205c937076b3a95224ec0388791f2dc6be2c9e31508e4458dc05ecdd26a
SHA512: f855cf518469fe77f8d31dd56a5b5c4cea015d380854952e3a3e446d4942d551a2d1fe7e0b47176e1d95a8f2733e7ac618c9aae7ae090d135ed5138b8461ae68
SSDEEP: 12288:8GwUwUwUw5M0QLFgA17Br1IZmbwkiheD+mOXu9yzjfuS6yXLixbRm4GfQSB:8GwUwUwUw5pwh1mmMkiheDZOXu9yzjWO
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext