General
Target: a3f7e5c2164d5386bb4161fc9e8e0881_JaffaCakes118
Size: 531KB
Sample: 240403-xlhr5aaa78
MD5: a3f7e5c2164d5386bb4161fc9e8e0881
SHA1: 44cd5fdf36eea5df109549108f7ca371ca197057
SHA256: 9688972a550182710459937ac8beaf2648614e12b041729732c6c31503b1aff7
SHA512: ab63a704f67f98dbb9ba73df6ae9bcda5677821512f3709626f29a497d4b692a6a6c9ca5d5e37960b8564c5e87aee69ec495159c1c0c7b7558e09d1cb5ec0af2
SSDEEP: 12288:sseq5cNHSyfeM8RwvQFWupJY1lC3eVXgtsmyEyjwysS7EvdAXJd60:sseBN0RQCKCDZyjAS7uUz60
Static task: static1
Behavioral task: behavioral1
  Sample: Scan0020.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: Scan0020.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: e)cnIdR1
Targets
Target: Scan0020.exe
Size: 638KB
MD5: a2db85fcad3878617112ac3266282587
SHA1: 57fb3301594c5577e6c39fdb6388883995cf24d6
SHA256: f88b736fe32b6e458ce63fb67b8bf0ebf6388e6e35e23bf9bcb46893375115f1
SHA512: 742b317d09599b21ead1b570ebfdc0dc27197755456090041d56fb2c1e1077ac7f9cbbf77b82d567155db5090acabbae6f8cb1b1692df61ab1439d1cebcc0cbc
SSDEEP: 12288:KI+asIzXZ9hvqT2dsWA+DMmyA8wyFtySS7WEZ2a6GwIL8XzuH0:flyuR1DMmryDE4g
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext