General
-
Target
f77fb9696ca8e53fb087c7db3a2f1e6f_JaffaCakes118
-
Size
948KB
-
Sample
240418-hryyzafd9x
-
MD5
f77fb9696ca8e53fb087c7db3a2f1e6f
-
SHA1
00719875c061d7d9a5126a6aa127b4d3a7a18032
-
SHA256
955799ac14b2af1d9b8caee1acbc5c9602872bb5143449e3cb807405f77ce835
-
SHA512
93011408a5780546e5761f7d50fc3bca738463b66fc7a5ce67af2bcc8103ba867ef72fa58fee0cdb2a4190df893396a9fddc788af3819e7453f865b8181271b2
-
SSDEEP
24576:hyf4cK/bya41499QECxApHS2YLV+CVXlL4+3QAuLTOMvrIw4Pe2:hyf4BbP41k99VxYxVVVdVupvrK22
Static task
static1
Behavioral task
behavioral1
Sample
Request For Quotation.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Request For Quotation.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: 22june1969
Targets
-
Target
Request For Quotation.exe
-
Size
1.3MB
-
MD5
85aedd255e9beefb14194916418624b4
-
SHA1
d458eb480a3ce13a4c52bd6512961ea3bc5fcb1c
-
SHA256
ae5a3c9422ed0db82291183dfb6558f046fa7c57f36e47ed4c7f6cfb7d17bfc0
-
SHA512
16e6375409f60377d32378fde5edae0cbbdc46b41d58b3e083b442bd65e8712a9139050cd67f97235e10965a42b69dc5edfe11721150fee136eee9a207a93d22
-
SSDEEP
24576:EGsPL76DOLfx8Dgyfx8Dg74h4b/QMG5M5lwkSJzy6ztHL4WNQAcGNwDZhGL:YL76658Dgy58Dg74h8/Bf5Sl5zJjHcGR
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext