General
Target: e07eff7ce4bb2af1d6b8c3c564b66b19_JaffaCakes118
Size: 1.2MB
Sample: 240406-kq132sfd59
MD5: e07eff7ce4bb2af1d6b8c3c564b66b19
SHA1: d08a18116685a51729f3653d275a0b7a3dcf0997
SHA256: 59f4b8d890618bc836dc9fd9bf4c40a1aa6dc7264d6dbbcd3964c3ff5f7e7231
SHA512: f6708a8e48fc2f5f64792ffe547ab6e032d3e79d8423d87caef749164169fea4881e288b48cabc4bfaeb7121131e705c8bd2cc4d0535bea9a58b337966893edf
SSDEEP: 12288:gIF/jmBcdGXTK8+2K+Pjf/dKl1niU1vvxWSgjvwd5uDqt3Wvwki+LHuXifkIKtqk:5wadLCjfglUwvxWN4T3pk5ht2xBZ
Static task: static1
Behavioral task: behavioral1
  Sample: Document_BT24PDF.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Document_BT24PDF.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted family: agenttesla
Protocol: ftp
Host: ftp://ftp.hdconstruct.ro/
Port: 21
Username: [email protected]
Password: 5R)XZ2Xqis2HZ7p[d6+Oe!0i^C85CQ]uD68jNN@ossy~wH-(ie^9O2(001174?skX%ouFto
Targets
Target: Document_BT24PDF.exe
Size: 822KB
MD5: 7c1be3bb77ce7fecad1e6d142db95fbf
SHA1: 63c170cebb0e1ad1104897e8837bf14eb5c08cbd
SHA256: 187cdd0639eb10e50f060de4cb487920a65628104f66a0aeb12c5404a55fe298
SHA512: 74df0f90d3d92bd0993e4d519105d327c725cf4c10bddb57cbf6a87f10cd7ef2081830813d3ca2b3a9c80560f67808b13d7c5d3c24535d1ed4f45b4ceb9037f2
SSDEEP: 12288:mecSSWLU423D7R+5vmVfa4NQDOYyTjTtmJzOHZ+vuF1HXSQoro36nzhdGjKqAXzC:4zWL67R+unuDJ+ssHgu7CQoW6NGqmIS
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext