General
-
Target
2cfeed0ace8250c8fc52d7a1d5e86d10_JaffaCakes118
-
Size
1.2MB
-
Sample
240329-z26j8shh2w
-
MD5
2cfeed0ace8250c8fc52d7a1d5e86d10
-
SHA1
e2ecc72d6890e8579fd7cb0c29062c50a185d0f2
-
SHA256
091741cf29036c74c5291697bbf26aecd67ff088a709b60c3fb74e76bef7ee34
-
SHA512
bf37a1a81a7317fede0daff9c3072c8a6ac52f212e14e405e2a442f94e9752a3af09617a08a2866fc87f352f4a67a9425e78fe61140677d1bee4f21b723a42f3
-
SSDEEP
12288:KajB0fGNre1xRFYMeRScfJmL2ag3moLT:3B0QMfFYycxmVgvP
Static task
static1
Behavioral task
behavioral1
Sample
Payment_Scanned-Copy.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Payment_Scanned-Copy.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: e)cnIdR1
Targets
-
-
Target
Payment_Scanned-Copy.exe
-
Size
424KB
-
MD5
4341dadc9334d9f1ad93aa21e97272b1
-
SHA1
cdae7f2f7ffd1148c64309fe01e3423607f7c7bd
-
SHA256
d96d166e391320de79c459f8601901748f0cd39272fd7593a07b495de6bb574b
-
SHA512
50c462f4d1af8aa5fbece3a7c3bf45eb7aa57bb84795fe371e145f410e443eaec83d843123b7050bff7a4c68208ab264de6b7d64fd8dfb6f791b02802ce4e6cf
-
SSDEEP
12288:EajB0fGNre1xRFYMeRScfJmL2ag3moLT:lB0QMfFYycxmVgvP
-
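The SSDEEP values of the 1.2MB sample and the 424KB Payment_Scanned-Copy.exe payload differ in a single character per block, so the two files are near-identical in content despite the size gap. The following is an added example, not part of the sandbox output: a pure-Python reimplementation of the ssdeep (spamsum) comparison score, run over the two hashes copied from this report. It follows the scoring used by ssdeep's fuzzy.c (weighted edit distance, rescaling to 0-100, the small-block-size cap); the constants and the two hash strings are the only inputs, and no other values are assumed.

```python
"""Pure-Python reimplementation of the ssdeep comparison score.

Added example for this report, not sandbox output. Scoring follows the
algorithm in ssdeep's fuzzy.c: runs of >3 identical characters collapsed,
a common 7-character substring required, weighted edit distance (insert /
delete cost 1, replace cost 2) scaled to 0-100, and a cap for small block
sizes. The two hashes below are copied from the report above.
"""

SPAMSUM_LENGTH = 64   # maximum length of one signature block
ROLLING_WINDOW = 7    # minimum shared substring to be a match candidate
MIN_BLOCKSIZE = 3

# From the report: 1.2MB outer sample and 424KB extracted payload
OUTER_SSDEEP = "12288:KajB0fGNre1xRFYMeRScfJmL2ag3moLT:3B0QMfFYycxmVgvP"
PAYLOAD_SSDEEP = "12288:EajB0fGNre1xRFYMeRScfJmL2ag3moLT:lB0QMfFYycxmVgvP"


def parse(sig):
    """Split 'blocksize:block1:block2' into (int, str, str)."""
    bs, b1, b2 = sig.split(":", 2)
    return int(bs), b1, b2


def eliminate_sequences(s):
    """Collapse runs of more than three identical characters to three,
    as ssdeep does before scoring (long runs carry little information)."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def has_common_substring(s1, s2):
    """True if the blocks share any substring of ROLLING_WINDOW characters."""
    for i in range(len(s1) - ROLLING_WINDOW + 1):
        if s1[i:i + ROLLING_WINDOW] in s2:
            return True
    return False


def edit_distance(s1, s2):
    """Weighted Levenshtein distance: insert/delete cost 1, substitute cost 2."""
    prev = list(range(len(s2) + 1))
    for i, c1 in enumerate(s1, 1):
        cur = [i]
        for j, c2 in enumerate(s2, 1):
            sub = prev[j - 1] + (0 if c1 == c2 else 2)
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, sub))
        prev = cur
    return prev[-1]


def score_strings(s1, s2, block_size):
    """Score one pair of signature blocks on a 0-100 scale (100 = identical)."""
    if len(s1) > SPAMSUM_LENGTH or len(s2) > SPAMSUM_LENGTH:
        return 0
    if not has_common_substring(s1, s2):
        return 0
    score = edit_distance(s1, s2)
    # proportion of the signature that changed, on a rough 0-64 scale
    score = (score * SPAMSUM_LENGTH) // (len(s1) + len(s2))
    score = (100 * score) // SPAMSUM_LENGTH
    if score >= 100:
        return 0
    score = 100 - score
    # when the block size is small, do not exaggerate the match
    if block_size >= (99 + ROLLING_WINDOW) * MIN_BLOCKSIZE // ROLLING_WINDOW:
        return score
    cap = block_size // MIN_BLOCKSIZE * min(len(s1), len(s2))
    return min(score, cap)


def ssdeep_compare(sig1, sig2):
    """Compare two ssdeep signatures; block sizes must be equal or differ by 2x."""
    bs1, a1, a2 = parse(sig1)
    bs2, b1, b2 = parse(sig2)
    if bs1 != bs2 and bs1 != bs2 * 2 and bs2 != bs1 * 2:
        return 0
    a1, a2, b1, b2 = map(eliminate_sequences, (a1, a2, b1, b2))
    if bs1 == bs2 and a1 == b1 and a2 == b2:
        return 100
    if bs1 == bs2:
        return max(score_strings(a1, b1, bs1), score_strings(a2, b2, bs1 * 2))
    if bs1 == bs2 * 2:
        return score_strings(a1, b2, bs1)
    return score_strings(a2, b1, bs2)


if __name__ == "__main__":
    print("outer vs payload:", ssdeep_compare(OUTER_SSDEEP, PAYLOAD_SSDEEP))
```

The two report hashes score 97 out of 100. A 1.2MB file and a 424KB file scoring that high is consistent with the outer sample being the payload plus data that contributes little to the signature (padding or appended content), which is why the sandbox lists Payment_Scanned-Copy.exe as a separate target. Similarity scores should be confirmed against the real ssdeep tool before being used to cluster samples, and a high fuzzy-hash score is a lead for triage, not proof of identical behaviour.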
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; the SMTP credentials in the extracted configuration above are its exfiltration channel.
-
AgentTesla payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check to avoid executing in certain regions.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-