General
Target: f7d56088be53b42a6235971cb3a917ef_JaffaCakes118
Size: 387KB
Sample: 240418-mt3r6aca9x
MD5: f7d56088be53b42a6235971cb3a917ef
SHA1: 363c78c96e142cdeb452c232460a56abf2c9162d
SHA256: 1726471eb3bca7943185517d3a5f2a26194041067f90758b8275855ce8bd4fe9
SHA512: d7cbc9d5820ae9688cf1665d83c5393f083743be601592798ae18c66b4f4908eb7a791a601001b4d283823914a0219c274d20ccc84fcb26f4f049e510baba222
SSDEEP: 6144:KYAzwLWQGJpbDW54MJF5Z0s4eA33dNd+iVcc0t+h0N2gfU/dPErjXEbaJNW7zmK/:Ki75usnA3NNtTY+KdfGEU6er5F
Static task: static1
Behavioral task: behavioral1
Sample: DOCU6309491220 Telex release.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: DOCU6309491220 Telex release.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.prinutrition.com
Port: 587
Username: [email protected]
Password: forrest
Targets
Target: DOCU6309491220 Telex release.exe
Size: 444KB
MD5: e8ae8fe8fa5d7c83e3ebe26389eae1f8
SHA1: 6fc0dd32bb26b5b85e4ae4b81a86bb80a1fd414b
SHA256: 92175af7571463e2114e8c8cd62de70ce9dd6757b67c77a051b0f6f2e52e30fe
SHA512: f31fc6d145078569b4932178c6f62bcff3f96da5aed2853a8eb5d5590ceb0c6d30fc6293ac4a75c4207f218dcbba8840035e5c0524d23ee98fed5b01450b5a42
SSDEEP: 6144:WQGLpbDaj4MJF5Z6saGA33vNd+kVccYt+T0N2gfk/dP+rFXYbaJXS7zmKr0Y:995IsJA3/NBTs+Qdf2+q6UrR
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext