Overview

Analysis tabs and scores (score out of 10, as shown in the report's tab bar; file names are truncated as in the source):

Static                                            10
50f0889e1b...18.exe       windows7-x64             3
50f0889e1b...18.exe       windows10-2004-x64      10
$TEMP/12.opends60.dll     windows7-x64            10
$TEMP/12.opends60.dll     windows10-2004-x64       1
$TEMP/Beau...le.dll       windows7-x64             1
$TEMP/Beau...le.dll       windows10-2004-x64       1
$TEMP/MakeZipExe.exe      windows7-x64             1
$TEMP/MakeZipExe.exe      windows10-2004-x64       1
$TEMP/VsMa...ib.dll       windows7-x64             1
$TEMP/VsMa...ib.dll       windows10-2004-x64       1
$TEMP/pragmatics.exe      windows7-x64             1
$TEMP/pragmatics.exe      windows10-2004-x64      10
$TEMP/resToResX.exe       windows7-x64            10
$TEMP/resToResX.exe       windows10-2004-x64       1
General

Target: 50f0889e1b72316ac38fcd41e667da22_JaffaCakes118
Size: 387KB
Sample: 240517-xel6zadb5z
MD5: 50f0889e1b72316ac38fcd41e667da22
SHA1: 3b12c09887303bfe42b30559fe22381184cfcb48
SHA256: d2778835fde0fcfab3f1a69cef61e1c677c275ff0d57e0051c59d6af9d7114ce
SHA512: 80e855e11bff0ac20cbc81c51a9e8fd7392073eb9dd0fa3bdfb448c5ecd91755c5d7fbf1e13b267ccc0cca1989a09ade94cc4a7ce69bda1b34b7ecb3947baff0
SSDEEP: 6144:FUj/wAQQlZIsAaiPLRQKu38GWQD31OzUDRrjrBEEsaxW4MujFbXPAuy08CO/:Fq+QlaNdQKgFlFrOEsa8Luthyt/
Static task: static1

Behavioral tasks (task - Sample - Resource):
behavioral1 - 50f0889e1b72316ac38fcd41e667da22_JaffaCakes118.exe - win7-20240419-en
behavioral2 - 50f0889e1b72316ac38fcd41e667da22_JaffaCakes118.exe - win10v2004-20240508-en
behavioral3 - $TEMP/12.opends60.dll - win7-20240221-en
behavioral4 - $TEMP/12.opends60.dll - win10v2004-20240508-en
behavioral5 - $TEMP/BeauxSparable.dll - win7-20240215-en
behavioral6 - $TEMP/BeauxSparable.dll - win10v2004-20240508-en
behavioral7 - $TEMP/MakeZipExe.exe - win7-20231129-en
behavioral8 - $TEMP/MakeZipExe.exe - win10v2004-20240426-en
behavioral9 - $TEMP/VsMacroHierarchyLib.dll - win7-20240508-en
behavioral10 - $TEMP/VsMacroHierarchyLib.dll - win10v2004-20240426-en
behavioral11 - $TEMP/pragmatics.exe - win7-20240508-en
behavioral12 - $TEMP/pragmatics.exe - win10v2004-20240508-en
behavioral13 - $TEMP/resToResX.exe - win7-20240221-en
behavioral14 - $TEMP/resToResX.exe - win10v2004-20240426-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.appraisal-hub.com
Port: 587
Username: [email protected]
Password: Kumasi12345009

Host, port and username are the sample's exfiltration channel: AgentTesla sends harvested credentials over SMTP to this attacker-controlled mailbox, so they are the most durable network indicators on this page, outliving the file hashes of any rebuilt dropper.
Targets

Target: 50f0889e1b72316ac38fcd41e667da22_JaffaCakes118
Size: 387KB
MD5: 50f0889e1b72316ac38fcd41e667da22
SHA1: 3b12c09887303bfe42b30559fe22381184cfcb48
SHA256: d2778835fde0fcfab3f1a69cef61e1c677c275ff0d57e0051c59d6af9d7114ce
SHA512: 80e855e11bff0ac20cbc81c51a9e8fd7392073eb9dd0fa3bdfb448c5ecd91755c5d7fbf1e13b267ccc0cca1989a09ade94cc4a7ce69bda1b34b7ecb3947baff0
SSDEEP: 6144:FUj/wAQQlZIsAaiPLRQKu38GWQD31OzUDRrjrBEEsaxW4MujFbXPAuy08CO/:Fq+QlaNdQKgFlFrOEsa8Luthyt/
Signatures:
- AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET.
- AgentTesla payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
Target: $TEMP/12.opends60.dll
Size: 53B
MD5: daa2b2b53c73519e2cfe5239a33d7fe2
SHA1: 4cdc35f6b76191dfb8045ffa68994ad7d470491a
SHA256: 079bbc83ae9ecb7d781bd24eedbaeee2b58009906739990c97a0976ab9332e81
SHA512: 2130e15a5686ee1788c29c2022922c128257eb7c45313b49dd2946a23c9d9a78b7cb0ad3c700b2c3ffdd9225b5d9a020de9b4a01114d771c4a850507f72e950c
Score: 1/10
Target: $TEMP/BeauxSparable.dll
Size: 76KB
MD5: 99236dd796d2adf3c6260b3eecd5dfb5
SHA1: a43863c63204c2b202d3477dfeb9521c21daaa48
SHA256: e5d68b9bcf465b0d46d697770bad54c5dbb106b45e55b37f80eaf7e0422d0f6d
SHA512: 5312fbc934221f1931b78caf3d1137183167f4bbbde4f76dc4836a5c728f9523b50d8b1d62af17c8b0962b4a5901bafba339e230e20b9eb41802c8afb0810cda
SSDEEP: 768:7WZE8CmBTlm6uQLAmtlSKAS58/yAQ/Ku3bZQhtVtZCLJb:7xRmqOAmDSR5m9Q5tZCL9
Score: 1/10
Target: $TEMP/MakeZipExe.exe
Size: 19KB
MD5: c1fd440232b406dbe0c31d95ef15c10f
SHA1: 0fed2783db14580235ff0376994739b1dd2124bd
SHA256: 7e5a89afe60f7ba8bb14d8cd1b090e6f9c51a8632469daa9d58a5e3567f5c87d
SHA512: 305e303cf3ad3db2a2b94e35de4129fbd8202ed6e7cdd817e18fca3a8f8bb126c9f3bc0faf9a2ac27b70d01f5367889493b02d5eba709182b062cbe6be05bd8a
SSDEEP: 384:TcPmQYQjKtNFWM3TsiHg6ihJSxUCR1rgCPKabK2t0X5P7DZ+v8WLiW:mFYSMDnFRJBh
Score: 1/10
Target: $TEMP/VsMacroHierarchyLib.dll
Size: 9KB
MD5: fa8b9b8c019621ee87f6dc589a50db99
SHA1: 77bb7e8137d83ebea08f6b65e1e94ffa4559b2d4
SHA256: 165882e496e37ceb73174d921d7a07de38750c5e43f2bc4f0f8a052faa5a5b97
SHA512: 814528a1946ac2678962a8646cb8daceceb6a9fd5d140b49150f06ca4926d20267632fdc48a2cd7c3adca841a727d4c56255de8fdeb758d0195ef69a83c2dbee
SSDEEP: 192:XIsTTrfr6EL3h02hTnq9yQUkwkwE+254QQ06iy3kiXzFjeoU1gtldhT9xyWQNB67:XIsrrDKPUD4LKQQtiyUijkoUKnPTHyW5
Score: 1/10
Target: $TEMP/pragmatics.exe
Size: 48KB
MD5: 08c2ab35984a38de2f56de4e026d4410
SHA1: 5e9f64c1cbe546a899f8903f38d42cd830474068
SHA256: 0a46cc80a4ade0fd9c11947000295a1243902c17c82ec8c1e8eae99c3a46f288
SHA512: 3828d6e7259a08d335fe34b2589db948f89b98a0a67a5275070bb9528709db88ed1726cd2e9fdfafaebf0cf45a4f1cd77ff84dc68f464ead44967ce3dda0fd01
SSDEEP: 768:Ba/zEsxrPPqSmhTUrDAatzWP8HM+3LEtTw:qtVPPqFWAaVWP8NwtTw
Signatures:
- AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
Target: $TEMP/resToResX.exe
Size: 38KB
MD5: 8952521941dbe005a4ac2fe8a88aba2c
SHA1: b5114de8c2e78d72ec8ddb6ab7bcb02b1bb5291f
SHA256: 3a530aacf477d005147c3b3a782b96a7c9a8a17a0a3e163be255ca8a133ea430
SHA512: a79f7bd27370578be53e1ff46dbe52fc95c153c7213ad9ca5d2206c3d6e8ad315bb98058ad8d806aa33affc1c22c9784ba73b2e7da20b36dd77421f85a90d0ba
SSDEEP: 384:J1rc09Z2gN3uUXCKDWK93bZ3Jd0Oi9jqUOJesaxdu/+lW8wWhLCcMe/oTC4:H12jUXCH4rSqFCbU+17L3d/o+4
Score: 1/10
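The Targets section lists the six files the sample writes to $TEMP, and "Executes dropped EXE" and "Loads dropped DLL" say they are used from there, which makes that directory the place to sweep on a suspect host. The following is an added example (not code from the sandbox) that takes the SHA256 values from the Targets section, hashes every file under a directory and reports two kinds of finding: an exact hash match, and a file that carries one of the dropped-file names but different bytes. The second verdict matters because AgentTesla droppers are rebuilt constantly, so the hashes on this page go stale while the names in $TEMP tend to persist. The files created by make_demo_dir() are constructed stand-ins and contain no malware.

```python
"""Sweep a directory for the files this report says the sample drops.

Added example for this report, not code from the sandbox. The IOC table
is copied from the Targets section; the files written by make_demo_dir()
are constructed stand-ins and do not contain the real samples.
"""
import hashlib
import tempfile
from pathlib import Path

# File name -> SHA256, from the Targets section of the report.
DROPPED_FILE_HASHES = {
    "12.opends60.dll": "079bbc83ae9ecb7d781bd24eedbaeee2b58009906739990c97a0976ab9332e81",
    "BeauxSparable.dll": "e5d68b9bcf465b0d46d697770bad54c5dbb106b45e55b37f80eaf7e0422d0f6d",
    "MakeZipExe.exe": "7e5a89afe60f7ba8bb14d8cd1b090e6f9c51a8632469daa9d58a5e3567f5c87d",
    "VsMacroHierarchyLib.dll": "165882e496e37ceb73174d921d7a07de38750c5e43f2bc4f0f8a052faa5a5b97",
    "pragmatics.exe": "0a46cc80a4ade0fd9c11947000295a1243902c17c82ec8c1e8eae99c3a46f288",
    "resToResX.exe": "3a530aacf477d005147c3b3a782b96a7c9a8a17a0a3e163be255ca8a133ea430",
}


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(directory, iocs=DROPPED_FILE_HASHES):
    """Return {path: (verdict, ioc_name)} for files matching the IOC table.

    'hash match' means the bytes are exactly the analysed artefact.
    'name match only' means a file with a dropped-file name but different
    bytes; with a family that is repacked this often, such a file deserves
    triage rather than dismissal.
    """
    by_hash = {digest.lower(): name for name, digest in iocs.items()}
    by_name = {name.lower(): name for name in iocs}
    findings = {}
    for path in sorted(Path(directory).rglob("*")):
        if not path.is_file():
            continue
        digest = sha256_of(path)
        if digest in by_hash:
            findings[str(path)] = ("hash match", by_hash[digest])
        elif path.name.lower() in by_name:
            findings[str(path)] = ("name match only", by_name[path.name.lower()])
    return findings


def make_demo_dir() -> Path:
    """Create a temp dir with constructed files (none of them real malware)."""
    root = Path(tempfile.mkdtemp(prefix="agenttesla-sweep-"))
    (root / "pragmatics.exe").write_bytes(b"constructed stand-in, not the sample")
    (root / "notes.txt").write_bytes(b"benign file, should not be reported")
    (root / "sub").mkdir()
    (root / "sub" / "VsMacroHierarchyLib.dll").write_bytes(b"another constructed stand-in")
    return root


if __name__ == "__main__":
    for path, (verdict, name) in sweep(make_demo_dir()).items():
        print(f"{verdict:16} {name:24} {path}")
```

On a real host, point sweep() at the user's %TEMP% directory. A hash match is conclusive; a name-only match is a lead, and the right next step is to submit that file for its own analysis rather than to assume it is the same build described here.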