General
-
Target
6c2052b09a10e09614ed08ccbb06d8a4_JaffaCakes118
-
Size
662KB
-
Sample
240523-y1wg7seh53
-
MD5
6c2052b09a10e09614ed08ccbb06d8a4
-
SHA1
d7feca9660996f58a087de0fb019683089b6de48
-
SHA256
266aba3c76dc29ae2cdc7340079dcb6e73f2638bbfc6e1df805641edaae68efd
-
SHA512
aec12fb21021b56dafc7aec8fceeabbdc82da157ecbf8209f07ffbb29f2c561bb68a3db345a993d57ab9de90c415675522c267dfda460f8f89cfcea175e7e01a
-
SSDEEP
12288:Wcaw5Y2dAkP4gJa55cwvhlyBxWjQi7jD6X3vPnILRq8gmG9L1f2Lxi73AYPVxo:WcayNdAQ4owaMhcWjQqjD6HvvIy1+oMI
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
faith12AB
Targets
-
-
Target
6c2052b09a10e09614ed08ccbb06d8a4_JaffaCakes118
-
Size
662KB
-
MD5
6c2052b09a10e09614ed08ccbb06d8a4
-
SHA1
d7feca9660996f58a087de0fb019683089b6de48
-
SHA256
266aba3c76dc29ae2cdc7340079dcb6e73f2638bbfc6e1df805641edaae68efd
-
SHA512
aec12fb21021b56dafc7aec8fceeabbdc82da157ecbf8209f07ffbb29f2c561bb68a3db345a993d57ab9de90c415675522c267dfda460f8f89cfcea175e7e01a
-
SSDEEP
12288:Wcaw5Y2dAkP4gJa55cwvhlyBxWjQi7jD6X3vPnILRq8gmG9L1f2Lxi73AYPVxo:WcayNdAQ4owaMhcWjQqjD6HvvIy1+oMI
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-