General
Target: 29a5bf4d158adbf0fa04a23802af4605_JaffaCakes118
Size: 462KB
Sample: 240329-w7nd3afa2s
MD5: 29a5bf4d158adbf0fa04a23802af4605
SHA1: 75e78af3c75a4037d9726a673ee72747142af290
SHA256: b7293418959fa99fcf1b1df02801b3b31de96d969ce38c915ddbcd8f63ce0d1f
SHA512: 8974981fbba3ff18e3101804c649dd574166496b171efb82daedba486cbe93bb7852915dfde00a10dc4f358efea600fd623b41216024185300b87ac8f3893fe0
SSDEEP: 12288:KF7knbmSHLhs34Pqc7n4BhuX8v/8490avlyfRJUfX5B5eabvZ:i7ab7Nswqg4Bcj0NvuURB5eA
Static task: static1
Behavioral task: behavioral1 (Sample: PI.exe, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: PI.exe, Resource: win10v2004-20240226-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.polastarline.com
Port: 587
Username: [email protected]
Password: donblack12345
Targets
Target: PI.exe
Size: 607KB
MD5: 9c3b2089c30695a8a0c0eefad75974e8
SHA1: 8090d34f62d1070a44edbe650841faf7ea8de7b9
SHA256: 373c5a50e01d675cb64eae0351dd81abfcbcf65c0a23cc48019f202dadc78b23
SHA512: 166847ecd00d9e43e7d17a2bf8c2650a6e008c979faf6a82ec607b0ef9380e29cbb995f690128272336421e598aa0ccad70b7da12cf945d7fc5b5cc1cb9bf07f
SSDEEP: 12288:k0hv/Uo6PqcH94BhUXqv/E4niaRHUfXJGf7ZB5E5g0:BHUoSqY4BujojRiGVB5EK
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely used for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext