General

Target: 679327dc45362940cf33cd2fc0f9a27f_JaffaCakes118
Size: 445KB
Sample: 240522-rsnztsec72
MD5: 679327dc45362940cf33cd2fc0f9a27f
SHA1: 94e1e653e51024580cefe78d94c472ecae0ce34a
SHA256: f1712d431b4bdbc63e6394533274ad333325507ab9034f83981f1a0c831f6e5c
SHA512: 5a9c71458a6a8e91b341b323c1c9360bfe2a0614d6ce774dd1da6029978b195f5798336995d4f0f767ea2fc14e3daa37664a2dc27dbdceb0341a8b3ac784fa00
SSDEEP: 12288:aY+biRSGCzNd/1zc9e1+ZRm1g4pxRSjqzTGbLP1MbZ0:aY+bOc3hX+ZRmisxRSjqzGMbZ0
Static task: static1

Behavioral task: behavioral1
  Sample: Quotation_pdf.exe
  Resource: win7-20240220-en

Behavioral task: behavioral2
  Sample: Quotation_pdf.exe
  Resource: win10v2004-20240426-en
Malware Config

Extracted

Protocol: smtp
Host: mail.flood-protection.org
Port: 587
Username: [email protected]
Password: scott2424@

This is the exfiltration channel recovered from the payload: stolen credentials are sent as e-mail through the attacker-controlled mailbox above over SMTP submission (port 587). The host name, the port and the account are usable as network indicators; the credentials themselves belong to an attacker mailbox and should be treated as indicators, not as something to log in with.
Targets

Target: Quotation_pdf.exe
Size: 705KB
MD5: dddddf377d10cd41e3ee6481cf117cd0
SHA1: a075e276f64a6e89cf20de22e6c5a6304ae1fba3
SHA256: 059966fad375c8ce66bbb2da74f0c854918f6dba12af2a64cd401c00db0104dd
SHA512: 0b09ca3a3c1034395f13ec0d1429ada31e7d18a0af83daefd05c72a610d5aa0bc860e314463e18bf833511a44ea5551a968910cb23804b9356027e34dcf1d070
SSDEEP: 12288:dr5NlaFRMb7GKWWUxDz/xTT8Hc0jcJLSVGelJv61YmkSfsB:RL+Mb7hUhZqc0jcJLsGelavkSfK

Note that the behavioral target (Quotation_pdf.exe, 705KB) has different hashes and a different size from the submitted sample (445KB) listed under General; the executable is the file the sandbox extracted from the submission and actually ran, so both sets of hashes are worth carrying as indicators. The "_pdf.exe" naming is the usual lure for an executable posing as a PDF quotation.
Signatures

AgentTesla
Agent Tesla is a .NET-based information stealer with remote access tool (RAT) capability, originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail clients, FTP clients and similar software and exfiltrates them over SMTP, FTP or HTTP; the SMTP configuration extracted above is that exfiltration setting.

AgentTesla payload
The Agent Tesla payload was identified in memory; the 705KB executable is a loader that unpacks it at run time.

Accesses Microsoft Outlook profiles
Reads the Outlook profile data that stores saved account settings and credentials. This is the credential-harvesting step whose output is sent through the SMTP channel above.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the characteristic final step of process hollowing: a legitimate process is started suspended, its image is replaced in memory, the thread's entry point is redirected to the injected code, and the thread is resumed. Together with the in-memory payload detection this indicates the loader hands off to the Agent Tesla payload inside a hollowed host process, so host-based detection should look at the child process's memory rather than the dropped file alone.
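The extracted SMTP configuration is directly usable as detection logic. The following is an added example, not part of the sandbox report and not Agent Tesla's own code: it parses the report's "Key: value" configuration block and runs it over constructed flow records to flag hosts that connect to the recovered mail server, scoring a hit on host plus submission port higher than a hit on the host alone. The log format, the source addresses and the RFC 5737 destination addresses are assumptions for the demonstration; the host name, port, username and password strings are those the report extracted, with the username left in the obfuscated form the page shows.

```python
import re

# SMTP exfiltration settings exactly as extracted in the report above.
# The username appears obfuscated ("[email protected]") on the page and is kept as-is.
REPORT_CONFIG = """\
Protocol: smtp
Host: mail.flood-protection.org
Port: 587
Username: [email protected]
Password: scott2424@
"""


def parse_config(text):
    """Turn the report's 'Key: value' lines into a dict keyed by lower-cased name."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    return cfg


# Constructed flow records for the demonstration (not sandbox output). Destination
# addresses come from the RFC 5737 documentation ranges; 'sni' stands in for the TLS
# server name or the DNS name the client resolved just before the connection.
SAMPLE_LOG = [
    "ts=2024-05-22T10:01:02Z src=10.0.0.5 dst=198.51.100.20 dport=443 sni=update.microsoft.com",
    "ts=2024-05-22T10:01:09Z src=10.0.0.5 dst=203.0.113.7 dport=587 sni=mail.flood-protection.org",
    "ts=2024-05-22T10:02:44Z src=10.0.0.8 dst=203.0.113.7 dport=25 sni=mail.flood-protection.org",
    "ts=2024-05-22T10:03:10Z src=10.0.0.9 dst=192.0.2.1 dport=587 sni=smtp.example.org",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_log_line(line):
    """Split a 'key=value key=value' record into a dict."""
    return dict(KV_RE.findall(line))


def match_exfil(cfg, lines):
    """Flag records that talk to the extracted mail host.

    A hit on host AND the configured port is 'high' (the exact exfil channel);
    a hit on host alone is 'medium' (same infrastructure, different service).
    """
    host = cfg["host"].lower()
    port = cfg["port"]
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        if rec.get("sni", "").lower() != host:
            continue
        severity = "high" if rec.get("dport") == port else "medium"
        hits.append({
            "ts": rec.get("ts"),
            "src": rec.get("src"),
            "dst": rec.get("dst"),
            "dport": rec.get("dport"),
            "severity": severity,
        })
    return hits


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    for hit in match_exfil(cfg, SAMPLE_LOG):
        print(hit)
```

Matching on the server name rather than an IP is deliberate: the report gives only a host name, and a stealer's mail host can move between addresses while the name in the configuration stays fixed. On a real network the same check belongs on DNS query logs and TLS SNI, with the source host of any "high" hit treated as compromised.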