General
- Target: 6c02710a77793c2cbbe772297dd6a16b_JaffaCakes118
- Size: 566KB
- Sample: 240523-x2ck2sdb94
- MD5: 6c02710a77793c2cbbe772297dd6a16b
- SHA1: 506edf76be43036ff202e47f060bae6ad406b110
- SHA256: 0fd074d5c884fa43b879d5611936d497ddfbff034580f1b4cf35ecf99151b5b1
- SHA512: 9d2f3cc997b8d149ee80c10ab4bec614428238f0b494e2ebd852f273bb75e4406d6024c02491040a7b57eb022123c4d7cca20af8f31a5b263c0b5a59d707fbcd
- SSDEEP: 12288:WxEk87ebCQ2wUpRSs5YtU54liluVJ8Z0famD:wrCQ2wUpRSs+akFVaZ0fai
Static task
- static1
Behavioral task
- behavioral1
- Sample: MedWingNT_04_TT TP012080202014404 pdf .exe
- Resource: win7-20240221-en
Behavioral task
- behavioral2
- Sample: MedWingNT_04_TT TP012080202014404 pdf .exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.papir-kiev.com
- Port: 587
- Username: [email protected]
- Password: Greatness@2020
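As an added example (not part of the sandbox report and not Agent Tesla's own code), the Python below turns the indicators above into two checks a responder can run: a digest fingerprint to confirm that a local file is one of the two reported samples, and a two-pass hunt over Zeek-style DNS and connection logs for the configured SMTP exfil host. The log lines are constructed for the example; the username in the extracted config is redacted on the page, so the hunt matches on host and port only. Function and constant names are the example's own.

```python
"""
Turn the report's indicators into a hash check and a log hunt.

Indicator values (SMTP host/port and sample SHA256s) are copied from the
report above. The log lines are constructed for this example and are not
from the sandbox run; the function names are this example's own.
"""
from __future__ import annotations

import hashlib
import json

# Exfil channel from the extracted config. The username is redacted on the
# page, so matching is done on host and port only.
AGENTTESLA_SMTP = {"host": "smtp.papir-kiev.com", "port": 587}

# SHA256 of the submitted archive and of the dropped executable (from the report).
KNOWN_SHA256 = {
    "0fd074d5c884fa43b879d5611936d497ddfbff034580f1b4cf35ecf99151b5b1",
    "3d84d5e663d7a56d40a164bfa46bf86aeb1a0f47659d9eda7e6b273605f1eb07",
}

# Constructed Zeek-style JSON log lines (dns.log and conn.log entries).
SAMPLE_LOGS = """\
{"_path":"dns","ts":1716470000.1,"id.orig_h":"10.0.0.15","query":"smtp.papir-kiev.com","answers":["203.0.113.9"]}
{"_path":"conn","ts":1716470001.2,"id.orig_h":"10.0.0.15","id.resp_h":"203.0.113.9","id.resp_p":587,"proto":"tcp","service":"smtp"}
{"_path":"conn","ts":1716470002.0,"id.orig_h":"10.0.0.22","id.resp_h":"198.51.100.4","id.resp_p":443,"proto":"tcp","service":"ssl"}
{"_path":"conn","ts":1716470003.5,"id.orig_h":"10.0.0.15","id.resp_h":"203.0.113.9","id.resp_p":25,"proto":"tcp","service":"smtp"}
"""


def fingerprint(data: bytes) -> dict:
    """Compute the same digest set the report lists, so a local file can be
    checked against it before analysis starts."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True when the bytes are one of the two files the report describes."""
    return fingerprint(data)["sha256"] in KNOWN_SHA256


def hunt(log_text: str, smtp: dict = AGENTTESLA_SMTP) -> list:
    """Two passes over Zeek JSON lines: first collect the addresses the exfil
    host resolved to (and flag the lookups themselves), then flag every
    connection to those addresses, distinguishing the configured SMTP port
    from other ports on the same host."""
    records = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    hits, resolved = [], set()
    for r in records:
        if r.get("_path") == "dns" and r.get("query", "").lower() == smtp["host"]:
            resolved.update(r.get("answers", []))
            hits.append({"ts": r["ts"], "src": r["id.orig_h"], "dst": smtp["host"],
                         "port": None, "kind": "dns-lookup"})
    for r in records:
        if r.get("_path") != "conn" or r.get("id.resp_h") not in resolved:
            continue
        kind = "smtp-exfil" if r.get("id.resp_p") == smtp["port"] else "c2-ip-other-port"
        hits.append({"ts": r["ts"], "src": r["id.orig_h"], "dst": r["id.resp_h"],
                     "port": r["id.resp_p"], "kind": kind})
    return hits


if __name__ == "__main__":
    for h in hunt(SAMPLE_LOGS):
        print(h)
    print("empty file matches report:", matches_report(b""))
```

The hunt resolves the hostname through the DNS log rather than matching on the literal host in connection records, because conn.log only carries IPs; the second pass also surfaces traffic to the same resolved address on a different port (port 25 in the constructed data), which is worth a look even though the config names 587.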
Targets
- Target: MedWingNT_04_TT TP012080202014404 pdf .exe
- Size: 851KB
- MD5: c665924dd7dbd383b39a78f781d9b1ff
- SHA1: 04edec874b0bc40cfda48095f75f9ff21b76ef80
- SHA256: 3d84d5e663d7a56d40a164bfa46bf86aeb1a0f47659d9eda7e6b273605f1eb07
- SHA512: 0d399e909835b79e55d572c58911f2a3e9869a5194c83f92a1b27081f7b9066be82c6e234d69175d30ed12ca74c87be077d60ac7e8d732bb9e54751a476d202b
- SSDEEP: 24576:i36tgdwdG2dqTdJdqiUNqW4vRBC9RH1q:i36tbdgdJdBU8WiRkk
- AgentTesla
  Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests saved credentials and keystrokes and exfiltrates them over SMTP, FTP, HTTP or Telegram; the extracted config above shows this sample uses the SMTP channel.
- AgentTesla payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence so the payload can refuse to run in certain regions.
- Accesses Microsoft Outlook profiles
  Reads Outlook profile data, consistent with the mail-credential harvesting Agent Tesla is known for.
- Suspicious use of SetThreadContext
  Setting another thread's context is characteristic of process hollowing (RunPE), where a legitimate process is started suspended, its image replaced with the decrypted payload, and its main thread resumed.