General
Target: fa1e2a719a6f5cc1413d50ffccc3fa24_JaffaCakes118
Size: 640KB
Sample: 240419-mnxnyshf8x
MD5: fa1e2a719a6f5cc1413d50ffccc3fa24
SHA1: 90d5273a882afc7d19648a0dcb488fa885a2502f
SHA256: cf080548e1b18824c38e9def91a70ef2e77114ee9f339d8154ef4f77ae22bbba
SHA512: 6914a0fd700ae0c49e41f36a1744b968152281be7bfc92ce8f7cefeefd201b7da6a9902853d482267521729d6bf5e858ff22b61fe79a87444fe0e155b72c5571
SSDEEP: 12288:4s/vsMUHlpGQfhkZM9B8GxaUYigyYNH4vbUFlc:4sH4lpGekMRlYJR4vKe
Static task: static1
Behavioral task: behavioral1
Sample: 873762-pdf.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 873762-pdf.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.pss.net.pk
Port: 587
Username: info@pss.net.pk
Password: AnisAhmed1980
Email To: jamesadnyy@yandex.com
Targets
Target: 873762-pdf.exe
Size: 924KB
MD5: 174a3ab2bbaa4e1ab786b9c98c7b3639
SHA1: d0b3bccc1c855b1c59ed75c5c7d826bf168a85fb
SHA256: 0c81f1f9ab9a50ca7a8076384b1b46cc484f67cb0f8da081c56c9da42da4055d
SHA512: 51e8a01a016fa97968c814931e0ab6820e0847cbb1f2f018ceb3d25c52344ebfc47842e16c576cb15629d37e54d06e2f7ee9fd2578e7de4737ac7b9d559169a5
SSDEEP: 12288:GwcsGI/cg1RbcvPiaeS905fcyY+P45no+7e9o3CZq2CJSUD7pC4BLeom38/vk2E3:GmRbVcyYt1oKe9PtuSUBCerlE
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext