General
Target: e61588d0729ecc06f559537d258ffd91_JaffaCakes118
Size: 387KB
Sample: 240407-273rmshe94
MD5: e61588d0729ecc06f559537d258ffd91
SHA1: 7421bd486c14dd3df9f520f1e4224806e6c823d5
SHA256: 53acd70a0b9a9463116c92c3f0d43faca4ccf8d6922117936ca4f53de6398403
SHA512: 145d563ba528fe9d5b3f0e86efde4ecf62a8e64e2a696db022aa4af89caff34b8356a3e8fafdaae72481f260943b582be648dcb042d7d8d0d4906b4be2ff7122
SSDEEP: 6144:fYAzwLWQGJpbDW54MJF5Z0s4eA33dNd+iVcc0t+h0N2gfU/dPErjXEbaJNW7zmKA:fi75usnA3NNtTY+KdfGEU6er5+
Static task: static1
Behavioral task: behavioral1
  Sample: CI&PL-AWB-HEL-21-324-1.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: CI&PL-AWB-HEL-21-324-1.exe
  Resource: win10v2004-20240319-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.prinutrition.com
Port: 587
Username: [email protected]
Password: forrest
Targets
Target: CI&PL-AWB-HEL-21-324-1.exe
Size: 444KB
MD5: e8ae8fe8fa5d7c83e3ebe26389eae1f8
SHA1: 6fc0dd32bb26b5b85e4ae4b81a86bb80a1fd414b
SHA256: 92175af7571463e2114e8c8cd62de70ce9dd6757b67c77a051b0f6f2e52e30fe
SHA512: f31fc6d145078569b4932178c6f62bcff3f96da5aed2853a8eb5d5590ceb0c6d30fc6293ac4a75c4207f218dcbba8840035e5c0524d23ee98fed5b01450b5a42
SSDEEP: 6144:WQGLpbDaj4MJF5Z6saGA33vNd+kVccYt+T0N2gfk/dP+rFXYbaJXS7zmKr0Y:995IsJA3/NBTs+Qdf2+q6UrR
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext