General
-
Target
500578cfba8b85ecd1dd659595b001a5_JaffaCakes118
-
Size
1.2MB
-
Sample
240517-rytr9sca5x
-
MD5
500578cfba8b85ecd1dd659595b001a5
-
SHA1
723087b7178d692ecd6702dd094c108d454550eb
-
SHA256
657b4853b0343e6227d5750e7a632cf96e55ae8330a62abef4eec13e00facd5a
-
SHA512
2839a16d9b54280b0e6350a3614dbae7464eef81dfa78f3d9dc9fa468b4bda3aa9255891649e62f44d10b01df15b661907a81e70e0d2b43d487861728e2e4efb
-
SSDEEP
12288:OinvknBVQuYP3SWoz0iUXqr60br59Pn3Vk0e:OivOBVmP7viUXO6Ur59P3Pe
Static task
static1
Behavioral task
behavioral1
Sample
PO_ORDER.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
PO_ORDER.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.makezimbetter.com
Port: 587
Username: [email protected]
Password: Mah3r@34
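The extracted SMTP config is the most actionable part of this report: the host and port are network indicators, the account is what you report to the mail provider for takedown. The added example below (not part of the report or any sandbox tooling) parses the flattened "Key: value - Key: value" text exactly as it appears above, derives indicators from it, and scores a handful of constructed Sysmon-style network-connection records against them. The connection records, the process allow-list and the rule names are assumptions for illustration.

```python
"""Turn the extracted Agent Tesla SMTP config into indicators and hunt
for matching outbound connections in network-connection records."""
import re
from typing import Dict, List

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")

# The "Extracted" block exactly as the report flattens it.
CONFIG_TEXT = """Protocol: smtp- Host:
mail.makezimbetter.com - Port:
587 - Username:
[email protected] - Password:
Mah3r@34"""

# Processes expected to speak SMTP on a workstation (assumed allow-list).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}


def parse_config(text: str) -> Dict[str, str]:
    """Split 'Key: value - Key: value' text (with arbitrary line breaks and a
    missing space before '-') into a dict keyed by field name."""
    flat = " ".join(text.split())
    key_re = re.compile(r"\s*-?\s*(" + "|".join(FIELDS) + r"):\s*")
    parts = key_re.split(flat)          # ['', key, value, key, value, ...]
    if parts[0]:
        raise ValueError(f"unexpected prefix in config text: {parts[0]!r}")
    return dict(zip(parts[1::2], parts[2::2]))


def indicators(config: Dict[str, str]) -> Dict[str, object]:
    """Network indicators worth blocking/hunting. The password is deliberately
    left out: it is for abuse reporting, never a detection key."""
    return {
        "protocol": config["Protocol"].lower(),
        "host": config["Host"].lower(),
        "port": int(config["Port"]),
        "account": config["Username"],
    }


def hunt(conns: List[Dict[str, object]], ioc: Dict[str, object]) -> List[Dict[str, str]]:
    """Score connection records against the IOCs.

    'c2_match'        : destination is exactly the extracted SMTP host:port
    'unexpected_smtp' : a non-mail-client process talks to an SMTP port
    """
    findings = []
    for c in conns:
        image = str(c["image"]).rsplit("\\", 1)[-1].lower()
        host, port = str(c["dest_host"]).lower(), int(c["dest_port"])
        if host == ioc["host"] and port == ioc["port"]:
            findings.append({"image": image, "dest": f"{host}:{port}", "rule": "c2_match"})
        elif port in SMTP_PORTS and image not in MAIL_CLIENTS:
            findings.append({"image": image, "dest": f"{host}:{port}", "rule": "unexpected_smtp"})
    return findings


# Constructed Sysmon Event ID 3-style records for illustration (not from the report).
SAMPLE_CONNECTIONS = [
    {"image": r"C:\Users\victim\Downloads\PO_ORDER.exe",
     "dest_host": "mail.makezimbetter.com", "dest_port": 587},
    {"image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "dest_host": "smtp.office365.com", "dest_port": 587},
    {"image": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "dest_host": "smtp.gmail.com", "dest_port": 587},
    {"image": r"C:\Windows\System32\svchost.exe",
     "dest_host": "ctldl.windowsupdate.com", "dest_port": 80},
]

if __name__ == "__main__":
    ioc = indicators(parse_config(CONFIG_TEXT))
    for f in hunt(SAMPLE_CONNECTIONS, ioc):
        print(f"{f['rule']:16} {f['image']:14} -> {f['dest']}")
```

The second rule is there because Agent Tesla operators rotate SMTP accounts far faster than they rotate technique: the exact host:port will age out, but "a process that is not a mail client opened port 587" keeps catching the family.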
Targets
-
Target
PO_ORDER.exe
-
Size
535KB
-
MD5
290c3c0efc61d301d3adb59b61cfeab9
-
SHA1
2598ff4a8854e0fa44520eea424d9ba4c1cb2ad2
-
SHA256
4f670101c607562bfd86014483418aaf3e76c63ab2071b21da1ea1eb576f9bdd
-
SHA512
24ee6d6cec6cfb975cdae1225c67bc259130daa43881d429b65bf54ea1d5d512fe80f990684e4930e00da0d2780ba10803abd51e23cd770bb593ddde08fd9fa8
-
SSDEEP
12288:ginvknBVQuYP3SWoz0iUXqr60br59Pn3Vk0e:givOBVmP7viUXO6Ur59P3Pe
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer that harvests saved credentials from browsers and mail clients and exfiltrates them over SMTP, FTP or HTTP; the SMTP account in the extracted config above is its exfiltration channel.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles (the Outlook profile registry keys, where saved mail-account credentials are stored)
-
Suspicious use of SetThreadContext (typical of process hollowing: the payload is written into a process started suspended, its main thread's entry point is redirected with SetThreadContext, and the thread is resumed)
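SetThreadContext on its own is not malicious (debuggers use it constantly); the signature fires because of the sequence it sits in. The added example below (not from the report or the sandbox) implements that sequence check over a constructed API-call trace of the kind a sandbox records: it only counts SetThreadContext and ResumeThread against a child that the same caller created with CREATE_SUSPENDED, and rates the alert higher when the caller also wrote into the child's memory. The pids, tids and the RegSvcs.exe target are assumptions; the report does not name the hollowed process.

```python
"""Detect the process-hollowing sequence that a 'Suspicious use of
SetThreadContext' signature keys on, over a constructed API-call trace."""
from typing import Dict, List, Tuple

CREATE_SUSPENDED = 0x00000004   # dwCreationFlags bit (Win32)

Event = Tuple[int, str, Dict[str, object]]   # (caller pid, API name, args)

# Constructed sandbox-style trace for illustration; pids, tids and the
# RegSvcs.exe target are assumptions, not values from the report.
TRACE: List[Event] = [
    (4120, "CreateProcessW", {"lpApplicationName": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
                              "dwCreationFlags": 0x4, "dwProcessId": 5088, "dwThreadId": 5092}),
    (4120, "NtUnmapViewOfSection", {"ProcessHandle": 5088}),
    (4120, "VirtualAllocEx", {"hProcess": 5088, "dwSize": 0x2A000, "flProtect": 0x40}),
    (4120, "WriteProcessMemory", {"hProcess": 5088, "nSize": 0x2A000}),
    (4120, "SetThreadContext", {"hThread": 5092}),
    (4120, "ResumeThread", {"hThread": 5092}),
    # Benign noise: a normal (non-suspended) child, and a debugger-like
    # SetThreadContext on a thread the caller did not create suspended.
    (6000, "CreateProcessW", {"lpApplicationName": r"C:\Windows\System32\notepad.exe",
                              "dwCreationFlags": 0x0, "dwProcessId": 6100, "dwThreadId": 6104}),
    (7000, "SetThreadContext", {"hThread": 7008}),
    (7000, "ResumeThread", {"hThread": 7008}),
]


def detect_hollowing(trace: List[Event]) -> List[Dict[str, object]]:
    """For each child a caller created with CREATE_SUSPENDED, record the
    injection steps taken against it; alert when the caller redirects the
    child's main thread with SetThreadContext and then resumes it."""
    children: Dict[int, Dict[str, object]] = {}   # child pid -> state
    thread_owner: Dict[int, int] = {}             # main tid -> child pid
    alerts: List[Dict[str, object]] = []
    for caller, api, args in trace:
        if api.startswith("CreateProcess"):
            if int(args["dwCreationFlags"]) & CREATE_SUSPENDED:
                pid, tid = int(args["dwProcessId"]), int(args["dwThreadId"])
                children[pid] = {"caller": caller, "image": args["lpApplicationName"],
                                 "steps": ["CreateProcess(CREATE_SUSPENDED)"]}
                thread_owner[tid] = pid
            continue
        if api in ("NtUnmapViewOfSection", "VirtualAllocEx", "WriteProcessMemory"):
            pid = int(args.get("hProcess", args.get("ProcessHandle", -1)))
        elif api in ("SetThreadContext", "ResumeThread"):
            pid = thread_owner.get(int(args["hThread"]), -1)
        else:
            continue
        state = children.get(pid)
        if state is None or state["caller"] != caller:
            continue                  # not a suspended child of this caller: ignore
        state["steps"].append(api)
        if api == "ResumeThread" and "SetThreadContext" in state["steps"]:
            wrote = "WriteProcessMemory" in state["steps"]
            alerts.append({"parent_pid": caller, "child_pid": pid, "image": state["image"],
                           "steps": list(state["steps"]),
                           "severity": "high" if wrote else "medium"})
    return alerts


if __name__ == "__main__":
    for a in detect_hollowing(TRACE):
        print(f"[{a['severity']}] pid {a['parent_pid']} hollowed pid {a['child_pid']} "
              f"({a['image']}): {' -> '.join(a['steps'])}")
```

Tying the check to the caller's own suspended child is what keeps the false-positive rate down: a debugger attaching to an existing process never registers in `children`, so its SetThreadContext calls are ignored, while a dropper that spawns a signed .NET host suspended and overwrites it trips the rule even if it skips NtUnmapViewOfSection.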