General

Target: 68c3a6b0643e678bd6cb7da077aa9b92_JaffaCakes118
Size: 449KB
Sample: 240522-1s4jysac4y
MD5: 68c3a6b0643e678bd6cb7da077aa9b92
SHA1: 18af0447c7091b96557d760ac33f9d2321769c60
SHA256: 84a432df1bac586156c07274b7c85fbb88f491d26769175c049f93d91b27bce2
SHA512: 77c2712d1b6be4bee7776fd70d4b83fe6dc900201b2c4d336a76ea0b65f7f4d490b03319eed5c6f01e298ef24ca31c047c7da473f9f0177ef6bbf89bc8e7d278
SSDEEP: 12288:FmHkos18tXvpTO42OBExwIdru/KWOjNE9YLMJ:FwdnHxRWduZOjNFoJ
Behavioral task: behavioral1
Sample: TT WIRE PAYMENT.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: TT WIRE PAYMENT.exe
Resource: win10v2004-20240226-en
Malware Config

Targets

Target: TT WIRE PAYMENT.exe
Size: 461KB
MD5: e7ad677d44d7652fe49e71095e2d9811
SHA1: 5ff65ad254c2d66fd1c616ce2de79bfcbb9c0d75
SHA256: d46fdddd02a815cf2289ab5ac60007d50e846934dff9e2e4ef21059f4d270c8b
SHA512: 5eb458dc773ffbf65cf99733803acd6af9e7be959a7b6f2d25c418c76589b0a5204ecebff28b053567cfb22081948c1af41d68909392a76001d0f8f5545c90ff
SSDEEP: 12288:V73bk0H7QSv4QipraiOoiKkdLppYHQ/DQxTevD7/e:XHEm43praOmdLpKQ/DXDL

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext