General
Target: 555f8f7bf9625f2abb40baaa9bcc58a7_JaffaCakes118
Size: 649KB
Sample: 240518-sl7c9shf28
MD5: 555f8f7bf9625f2abb40baaa9bcc58a7
SHA1: bf619be36083ea29387d0046f3bb051b02b8a93f
SHA256: 79824756e871c291ced605421479921a1ae4cce21777c9173d124f516b4acd23
SHA512: 10e6a1feaedd13de86ada3ec9786cbfe34eec57e720f4b78d8bd97ba9a1f48ba96170abf0fbef4ec8d3299aee59bf5a91e00a3ffce6498fc584f3cc8bee8edb1
SSDEEP: 12288:HhTnOKHz79bwUvrAqqJONcMQPnaYxaIGIbMVjsSWihQwXD7ias2V3NRwQ:HMKT79PvvqIcMQPnjaIGIbqjtbVXD7r1
Static task: static1
Behavioral task: behavioral1
Sample: Shipment Confirmation.pdf.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: Shipment Confirmation.pdf.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: kingmoney12345
Extracted
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: kingmoney12345
Targets
Target: Shipment Confirmation.pdf.exe
Size: 721KB
MD5: c43712a220c16a8b4b34aa87d512841a
SHA1: a65860e3aab9c0b3ddc85dfe637d0f20a28b082f
SHA256: 8a4a88659d3c4afd400027535885406c187ef780b4ac69a5f649d41b6f4a0278
SHA512: 90a52acd4e6d6bc8fcd5cd1b437defbaaf39178b9681ff0fa7d75d4bc85e62aafb91edb95f730cf0226cd41cec39274dee03845ab488d92607d18f46c6e7a082
SSDEEP: 12288:WJXhe51p09ATlOF3HWR398LivZV0nS/bXqfqxwusfGHKMY2UsI9WrhPgaI:WJMriATGW7uiv30KbqiiRlMYgIA4aI
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext