General
-
Target
06ddc0acc656ef75d74715ad4f2a2019_JaffaCakes118
-
Size
1.8MB
-
Sample
240429-fl152aba84
-
MD5
06ddc0acc656ef75d74715ad4f2a2019
-
SHA1
ed0ce51dae2a074eb2d61ff177675eb9cee8c47f
-
SHA256
e2686ec1451901810d319d812408e7a36820d70076b1c586ce62e168074cc8f3
-
SHA512
5faaa1fe565df6ee7cab74ce4a39122c65f685b9d4ebc703d29d60db8502db59c7ed7645f65b9597f77695fa1fa404508eb6fa1d1edf5e4b5cc6cbeb08b4ae64
-
SSDEEP
49152:Yu0c++OCvkGs9Fae952CzEzaurbnfPld4F5Y:PB3vkJ9loCQzakbnfvk
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.ociii.net - Port:
587 - Username:
[email protected] - Password:
ojuks4421132
Targets
-
-
Target
06ddc0acc656ef75d74715ad4f2a2019_JaffaCakes118
-
Size
1.8MB
-
MD5
06ddc0acc656ef75d74715ad4f2a2019
-
SHA1
ed0ce51dae2a074eb2d61ff177675eb9cee8c47f
-
SHA256
e2686ec1451901810d319d812408e7a36820d70076b1c586ce62e168074cc8f3
-
SHA512
5faaa1fe565df6ee7cab74ce4a39122c65f685b9d4ebc703d29d60db8502db59c7ed7645f65b9597f77695fa1fa404508eb6fa1d1edf5e4b5cc6cbeb08b4ae64
-
SSDEEP
49152:Yu0c++OCvkGs9Fae952CzEzaurbnfPld4F5Y:PB3vkJ9loCQzakbnfvk
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-