General
- Target: 45bb98eb146b6574312d7039ada6f45b_JaffaCakes118
- Size: 237KB
- Sample: 240515-mf433adb87
- MD5: 45bb98eb146b6574312d7039ada6f45b
- SHA1: 38d288283dc016531e1de6562ea966b2767d8c1d
- SHA256: cd082656e4b580ec878d38b63063a7e6ebf66c717cbd3ddc2698c6d83d947591
- SHA512: 39057b3408193ba4c3fc56e7e45a5241fc5e0f132506c3f4f725cfb1cec19760583a0ec764d473132aa78c4e28d208ce3e02b55ca62fc8f671c51004ea14ee43
- SSDEEP: 6144:Z/fKKMBYP56jGUBKalSEVHc84dWVnfXMlG4LMHlDKY:Z/kBuoGU5lrBc84FlGUuGY
Static task: static1

Behavioral task: behavioral1
- Sample: Purchase Order PDF.exe
- Resource: win7-20240508-en

Behavioral task: behavioral2
- Sample: Purchase Order PDF.exe
- Resource: win10v2004-20240426-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtpout.asia.secureserver.net
- Port: 587
- Username: [email protected]
- Password: karthic@2018
Targets
- Target: Purchase Order PDF.exe
- Size: 384KB
- MD5: 71edac346c7e4d2ec02bc3bc8ed49b76
- SHA1: cddf3516221ce5e2c90ccd01138014cebe6e1ab1
- SHA256: 1149d0171a4735349faa99e3665b1eb2d441f7b806d229ca527275098f179832
- SHA512: 80a6f42db76eb027ca582f276d61e1199d4af546f16bc2dd2a0039aaf815513e1cbd54fcf457db53125e47fd277c7a772e0889f30d97abee128f47a05285d8d6
- SSDEEP: 6144:QNfDbe7yaR7i6bDMKnJ8JH91bVP4VsG1p1Gii4CPN4X3gHckkKCrx+z:Cb/d8xwP4VsG1LnFyN4X4+x+
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Suspicious use of SetThreadContext