General
-
Target
2c2588d2e27e09d7ce23ae9352329a97_JaffaCakes118
-
Size
354KB
-
Sample
240329-zbjyjshh27
-
MD5
2c2588d2e27e09d7ce23ae9352329a97
-
SHA1
1d671327aa100f191a614ac6b9bb3a165e1e44cc
-
SHA256
05f57a596df25f644b493c9b68f3443c6b2e61afe036701444d1d8d81775a8c9
-
SHA512
cd177540726c4c45741ce08c8a659798b7eda62d1faf165301dd2cd8610790bf16bbef3824f774b67bb4de4c50a1621533f556ae05c5c1c6e5a6f5efef2beee9
-
SSDEEP
6144:r1Mtobn1UZzx9ha66rULcngmBR6il79Cqwp0lLVeHZ0S8FdQizH5YTmKibb4XGc5:rSabnqTH6hxLJ44LVGKRzChibbcGI
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
sg2plcpnl0023.prod.sin2.secureserver.net - Port:
587 - Username:
[email protected] - Password:
User@40378
Targets
-
-
Target
proforma invoice.exe
-
Size
388KB
-
MD5
07a9c9d3de53ce20de184c9b22137657
-
SHA1
38db554f03a2b190c7d485c3cb52e6a8d70abba9
-
SHA256
af0902b859d5df130dc0b9f8e0541b88da80683721307249b239e5da98050811
-
SHA512
3f98a41b2d9a274c8a855e4b05c99c9ef575df87273961d0cca5660b7631e577606747396cc65e691ed3318cc78371179a8c48bcd8e46ea5fc284ee88bdd8d62
-
SSDEEP
12288:ABSBmd3IFhfV/AMcIlXbK/sXGgSCkZUKxE:3BRNJZmsXGgroq
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-