General
Target: f8f165a76b243c15b0dc99aea9edb199_JaffaCakes118
Size: 368KB
Sample: 240418-2z18vahd53
MD5: f8f165a76b243c15b0dc99aea9edb199
SHA1: 81a1580459731b6ecc3f5083a3a312a970224cfe
SHA256: 0b84b369722f9a00da95d70e7e737f459843d053773148533229260b94f397b2
SHA512: ed9851aceba0bb8ae59d41c135aacbc07df2760d9242c7b064b1cc058d46c8630cdacff6cf0cac6897805dde1a7e340331bf314eb6e6457898555d35d19200ea
SSDEEP: 6144:Da4Zf1IF6dagIfvGC/39AoE7el5XTDXkqelmI/vss2Ju2kOSHxfNf7x27s72TGsQ:vrVdaPZTL9M2kQ4x7E7QMGT
Static task: static1
Behavioral task: behavioral1
  Sample: HSBC 10391410192021.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: HSBC 10391410192021.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bulletproofprotections.com
Port: 587
Username: account@bulletproofprotections.com
Password: Everest10account
Email To: admin@evapimplogs.com
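The extracted configuration is the most actionable part of the report: the SMTP host, port, login account and drop mailbox are network indicators that can be blocked, hunted for, and reported to the mail provider. The following Python is added here as an example and is not part of the sandbox report. It parses the config exactly as the report flattens it ("Label: value" pairs joined by dashes), normalizes it into indicators, and checks a constructed key=value connection/SMTP log (the log lines and the field names ts, src, dst, dport, mailfrom, rcptto are assumptions made up for illustration) for traffic to that infrastructure.

```python
"""Turn the AgentTesla SMTP exfiltration config above into network indicators
and check a constructed connection/SMTP log against them. Added example: the
config values are the report's, the log lines and their key=value format are
constructed for illustration."""
import re
from dataclasses import dataclass

# The config exactly as the report flattens it: "Label: value" pairs joined
# by " - " (the space before the dash after "smtp" was lost in extraction).
RAW_CONFIG = (
    "Protocol: smtp- Host: mail.bulletproofprotections.com - Port: 587"
    " - Username: account@bulletproofprotections.com"
    " - Password: Everest10account - Email To: admin@evapimplogs.com"
)

# Split only on a dash that is followed by the next "Label:".
FIELD_SEP = re.compile(r"\s*-\s+(?=[A-Za-z][A-Za-z ]*:)")
KV = re.compile(r"(\w+)=(\S+)")  # key=value tokens of the constructed log


def parse_config(raw: str) -> dict:
    """Split the flattened config into {label: value}."""
    fields = {}
    for chunk in FIELD_SEP.split(raw):
        label, _, value = chunk.partition(":")
        fields[label.strip()] = value.strip()
    return fields


@dataclass(frozen=True)
class ExfilIndicators:
    host: str       # SMTP server the stealer authenticates to
    port: int
    sender: str     # account the stealer logs in as
    recipient: str  # mailbox that receives the stolen data


def indicators(fields: dict) -> ExfilIndicators:
    """Normalize the parsed config; only the SMTP variant is handled here."""
    if fields.get("Protocol", "").lower() != "smtp":
        raise ValueError("not an SMTP exfiltration config")
    return ExfilIndicators(
        host=fields["Host"].lower(),
        port=int(fields["Port"]),
        sender=fields["Username"].lower(),
        recipient=fields["Email To"].lower(),
    )


# Constructed log (not from the report). Line 3 is a bare TCP connection
# with no SMTP envelope, as a TLS-wrapped submission would appear.
SAMPLE_LOG = """\
ts=2024-04-18T12:00:01Z src=10.0.0.7 dst=mail.bulletproofprotections.com dport=587 proto=smtp mailfrom=account@bulletproofprotections.com rcptto=admin@evapimplogs.com
ts=2024-04-18T12:00:02Z src=10.0.0.8 dst=smtp.office365.com dport=587 proto=smtp mailfrom=alice@corp.example rcptto=bob@corp.example
ts=2024-04-18T12:00:03Z src=10.0.0.9 dst=MAIL.BULLETPROOFPROTECTIONS.COM dport=587 proto=tcp
ts=2024-04-18T12:00:04Z src=10.0.0.7 dst=mail.example.net dport=25 proto=smtp mailfrom=x@corp.example rcptto=admin@evapimplogs.com
"""


def match_log(log: str, ioc: ExfilIndicators) -> list:
    """Return (reason, line) for every line touching the exfil infrastructure.
    Host+port is checked on any connection; the mailbox fields only fire
    where the log carries SMTP envelope data."""
    hits = []
    for line in log.splitlines():
        ev = dict(KV.findall(line))
        if not ev:
            continue
        if ev.get("dst", "").lower() == ioc.host and ev.get("dport") == str(ioc.port):
            hits.append(("c2-host", line))
        elif ev.get("rcptto", "").lower() == ioc.recipient:
            hits.append(("drop-mailbox", line))
        elif ev.get("mailfrom", "").lower() == ioc.sender:
            hits.append(("exfil-account", line))
    return hits


if __name__ == "__main__":
    ioc = indicators(parse_config(RAW_CONFIG))
    print(ioc)
    for reason, line in match_log(SAMPLE_LOG, ioc):
        print(reason, "<-", line)
```

Host and port are matched on any connection because a STARTTLS session on 587 leaves no envelope in a plain connection log; the sender and recipient checks only help where an SMTP inspector recorded the envelope, and they catch the case where the operator moves the relay but keeps the drop mailbox. The stolen-data mailbox and the login account are also what you report to the hosting provider.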
Targets
Target: HSBC 10391410192021.exe
Size: 402KB
MD5: c1882e8efb6ca07c13330d87432c9ff9
SHA1: 480743c6bef4a6393fb0aa1c9e91a2c0615c9971
SHA256: 148e1bbcd7efa9ce104615e14aba908bfb89aaaffd24824b0f25fb94387fbb75
SHA512: 67616609962264837040e19b86d7cbbea2ae8c238affa6818cc764554c201016db99384eac034d325bf398769ea2810e1d6ca51f9222bb93c736cd65cc75e597
SSDEEP: 12288:7av7XMwLhL6z7xUNgiT9J83xKGeoXGqG:XwLhL6z2NgyDj3oXGx
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; the configuration extracted above shows this sample exfiltrating over SMTP.
AgentTesla payload
Drops file in Drivers directory
Accesses Microsoft Outlook profiles (stored mail-profile data is a credential-harvesting target)
Suspicious use of SetThreadContext (the API used to point a suspended thread at injected code)
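The three behavior signatures above are what a sandbox rule engine emits from the sample's API trace. The following Python is added here as an example and is not the sandbox's own rule code or trace: it re-creates the signatures as rules over a constructed, sandbox-style event stream. The event shape, the file and registry paths, and the cross-process SetThreadContext heuristic are assumptions made for illustration.

```python
"""Re-create the three behavior signatures above as rules over a constructed,
sandbox-style API trace. Added example: the events, paths and the
cross-process SetThreadContext heuristic are assumptions for illustration,
not the sandbox's own rules or trace."""
import ntpath
from collections import Counter

# Constructed events from one process (pid 4021). None come from the report.
EVENTS = [
    {"type": "file_write", "pid": 4021,
     "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"type": "file_write", "pid": 4021,
     "path": r"C:\Users\user\AppData\Local\Temp\tmp1A2B.tmp"},
    {"type": "reg_read", "pid": 4021,
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676",
     "value": "Email Password"},
    {"type": "reg_read", "pid": 4021,
     "key": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion",
     "value": "ProductName"},
    {"type": "api", "pid": 4021, "name": "SetThreadContext", "target_pid": 4188},
    {"type": "api", "pid": 4021, "name": "ResumeThread", "target_pid": 4188},
]

# Lower-cased prefixes: Windows paths and registry keys are case-insensitive,
# so every comparison goes through a normalized, lower-cased form.
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
OFFICE_KEY = "\\software\\microsoft\\office\\"
PROFILES_KEY = "\\outlook\\profiles\\"


def _norm(path: str) -> str:
    """Collapse '..' and mixed separators and lower-case, as NT resolves paths."""
    return ntpath.normpath(path).lower()


def sig_drops_in_drivers(ev: dict) -> bool:
    return ev["type"] == "file_write" and _norm(ev["path"]).startswith(DRIVERS_DIR)


def sig_outlook_profiles(ev: dict) -> bool:
    key = ev.get("key", "").lower()
    return ev["type"] == "reg_read" and OFFICE_KEY in key and PROFILES_KEY in key


def sig_setthreadcontext(ev: dict) -> bool:
    # Heuristic (assumption): setting the context of a thread in another
    # process is the step that points a suspended thread at injected code.
    return (ev["type"] == "api" and ev["name"] == "SetThreadContext"
            and ev.get("target_pid") != ev["pid"])


SIGNATURES = {
    "Drops file in Drivers directory": sig_drops_in_drivers,
    "Accesses Microsoft Outlook profiles": sig_outlook_profiles,
    "Suspicious use of SetThreadContext": sig_setthreadcontext,
}


def run_signatures(events: list) -> dict:
    """Return {signature: count of matching events}, only for signatures that fired."""
    hits = Counter()
    for ev in events:
        for name, rule in SIGNATURES.items():
            if rule(ev):
                hits[name] += 1
    return dict(hits)


if __name__ == "__main__":
    for name, count in run_signatures(EVENTS).items():
        print(f"{name}: {count}")
```

The path normalization matters more than the rules themselves: a write to `C:\Windows\System32\DRIVERS\..\drivers\x.sys` must still land in the drivers rule, and a file named `drivers.txt` in System32 must not, which is why the prefix comparison runs on a normalized path that keeps the trailing separator. The SetThreadContext rule is deliberately narrow; a process legitimately setting the context of its own threads (a debugger, a runtime) is not the pattern these sandboxes flag.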