General
-
Target
330c19bd8fdfb8621ff95cf274236836_JaffaCakes118
-
Size
565KB
-
Sample
240330-ejtshahb39
-
MD5
330c19bd8fdfb8621ff95cf274236836
-
SHA1
fed54431c94423fbf21a4f390e71e549364249b9
-
SHA256
6c23023be3d1d5ae92d721094654c2ebf72a8403f731ecebc2c25394e95cabcc
-
SHA512
578fcdbf4b8507ec76b1834534075b0ae17d63e5237d097e1ab02b4db37906311790b9d5493654c824a73cffa35ab75c2135e588e1d58c126f81e0df0e0c9a94
-
SSDEEP
12288:2R3UQEKt3bPajpHsVbKDVb6vzW2Ex4fLcT2fpGBY6XCmme8s:DcLC1MjvryuBRGBNAs
Static task
static1
Behavioral task
behavioral1
Sample
Nuevo orden.XLXs_____________________________________________.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Nuevo orden.XLXs_____________________________________________.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.luisxtorres.com
Port: 587
Username: [email protected]
Password: icui4cu2@@
Email To: [email protected]
Targets
-
-
Target
Nuevo orden.XLXs_____________________________________________.bat
-
Size
60.0MB
-
MD5
d1e9e03bf764b55a0c71a7a85e1d1b95
-
SHA1
bc21fc57343b78445e5419b3395546b517a9b4e9
-
SHA256
c58289fabfe22daf894ccf833f7c25d35d973c529611f7bdce3cc8853b4f2750
-
SHA512
e5f180aaeacba6f3a7734bd711640df45d68cbef5273462ffc43b2387e100221a521463cd590ff2d7e6bc0226ea96a67febc17e4939c536bd4d5801ccc6b30f7
-
SSDEEP
12288:TYPUi0+A93reuThEJtmKVKNZb5Zpi/PAoubxlpUYJihv:kPUiFwEJgNZb5ZAAfbZU8K
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-