General
-
Target
9756289d21773a4aa80a20bbb4ca43e2_JaffaCakes118
-
Size
417KB
-
Sample
240605-grb9jaga2v
-
MD5
9756289d21773a4aa80a20bbb4ca43e2
-
SHA1
831eeb674e68759363d3d6109e0f51a04492394f
-
SHA256
791a1952802fb90ab83d9644b7c34783e2081144ef9511476060abe50b867f3c
-
SHA512
5246f53e0fc365cb66c750c51d64dd8eff92e2cc2ad20403f0d00c754686a1e2862128e11c7c5e0498c9874785b5ba2f0a8589b2de3be5d6e9507eed17b1b58b
-
SSDEEP
6144:EaEYEMpCPhoXnEkHWgjdG4bC6LAWgFPBdmmBydBqnTorpFVBcoseun7wrBbVrLmY:tEY2c7jA4b4Wgd+mBydBhnzseu7KBlvj
Static task
static1
Behavioral task
behavioral1
Sample
New Shipment nvoice No..exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
New Shipment nvoice No..exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: nc$jcXy8
Targets
-
-
Target
New Shipment nvoice No..exe
-
Size
893KB
-
MD5
554be553969bba38ee71b2abe52ee6c8
-
SHA1
8d93b01450fb52f7b12187b17bf5c318fb79d858
-
SHA256
6c4e1f8d9d65712d50dd63f5ef8bce5c788afcec567f735e035f068d8c859341
-
SHA512
ec3f3a3d10f13e28a7e29f025a83dac249839cf2c1b59613200cd539808b388fd429b437c41b9feb07fa09ace3f58988daee0a5d4ff92dfc03481a30813338b2
-
SSDEEP
24576:BZD1cQJRl7oN0RhBIVduQVo28zUOR93hrZgQV/8:LJR+17Vo28d3hZ8
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic. It harvests credentials, keystrokes and clipboard data and, in this sample, exfiltrates them over SMTP using the mail account in the extracted config above.
-
AgentTesla payload
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
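The extracted config and the behaviour signatures above are the actionable parts of this report. The following is an added example (not part of the Triage report or of any vendor tooling) that turns them into host and network detections: the SMTP host, port, username as shown (the page redacts it as "[email protected]") and password come from the extracted config, the two SHA-256 values and the sample file name come from the report; the event shape, file paths, the list of IP-lookup domains and the allowlisted processes are assumptions made for illustration, and the telemetry records are constructed.

```python
"""Host and network detections derived from the Triage report above.

Added example, not part of the report or of any vendor tooling. Indicators
taken from the report: the AgentTesla SMTP exfiltration config, the two SHA-256
hashes and the sample file name. Everything else (event shape, paths, the list
of IP-lookup domains, allowlisted processes) is an assumption for illustration.
"""
import re

# Exfiltration config as extracted on the report page. The username is shown
# redacted as "[email protected]" there and is kept as-is.
AGENTTESLA_SMTP = {
    "host": "us2.smtp.mailhostbox.com",
    "port": 587,
    "username": "[email protected]",
    "password": "nc$jcXy8",
}

# SHA-256 of the outer sample and of the executable it carries (from the report).
REPORT_SHA256 = {
    "791a1952802fb90ab83d9644b7c34783e2081144ef9511476060abe50b867f3c",
    "6c4e1f8d9d65712d50dd63f5ef8bce5c788afcec567f735e035f068d8c859341",
}

# Assumption: the report only says "a legitimate IP lookup service".
IP_LOOKUP_DOMAINS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                     "ip-api.com", "ipinfo.io"}
# Assumption: processes for which the behaviour below is expected.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
STARTUP_WRITERS = {"explorer.exe", "msiexec.exe"}
MAIL_CLIENTS = {"outlook.exe"}

STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\", re.I)
# Outlook keeps account/profile data under these keys (Office 15/16 and the
# older MAPI location); reading them from another process is credential theft.
OUTLOOK_PROFILES_RE = re.compile(
    r"\\outlook\\profiles(\\|$)|\\windows messaging subsystem\\profiles(\\|$)", re.I)


def image_name(path):
    """Basename of a Windows image path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def sha256_known(hexdigest):
    """True if the digest is one of the report's SHA-256 values."""
    return hexdigest.lower() in REPORT_SHA256


def triage(events):
    """Return [(rule, event)] for events matching the behaviours in the report."""
    hits = []
    for ev in events:
        proc = image_name(ev["image"])
        kind = ev["type"]
        if (kind == "network_connect"
                and ev["dst_host"].lower() == AGENTTESLA_SMTP["host"]
                and ev["dst_port"] == AGENTTESLA_SMTP["port"]):
            hits.append(("agenttesla_smtp_exfil", ev))
        elif (kind == "file_create" and STARTUP_RE.search(ev["target"])
                and proc not in STARTUP_WRITERS):
            hits.append(("drops_startup_file", ev))
        elif (kind == "registry_query" and OUTLOOK_PROFILES_RE.search(ev["key"])
                and proc not in MAIL_CLIENTS):
            hits.append(("accesses_outlook_profiles", ev))
        elif (kind == "dns_query" and ev["query"].lower() in IP_LOOKUP_DOMAINS
                and proc not in BROWSERS):
            hits.append(("external_ip_lookup", ev))
    return hits


# Constructed telemetry (not from the report); only the file name comes from it.
MALWARE = r"C:\Users\victim\AppData\Local\Temp\New Shipment nvoice No..exe"
OUTLOOK = r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
PROFILES_KEY = r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"

SAMPLE_EVENTS = [
    {"type": "dns_query", "image": MALWARE, "query": "api.ipify.org"},
    {"type": "registry_query", "image": MALWARE, "key": PROFILES_KEY},
    {"type": "file_create", "image": MALWARE,
     "target": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu"
               r"\Programs\Startup\update.exe"},  # hypothetical dropped name
    {"type": "network_connect", "image": MALWARE,
     "dst_host": "us2.smtp.mailhostbox.com", "dst_port": 587},
    # Benign look-alikes that must not fire.
    {"type": "registry_query", "image": OUTLOOK, "key": PROFILES_KEY},
    {"type": "dns_query", "image": CHROME, "query": "api.ipify.org"},
    {"type": "network_connect", "image": OUTLOOK,
     "dst_host": "smtp.office365.com", "dst_port": 587},
]

if __name__ == "__main__":
    for rule, ev in triage(SAMPLE_EVENTS):
        print(f"{rule:28} {image_name(ev['image'])}")
```

Two caveats. The "Suspicious use of SetThreadContext" signature (the usual sign of process hollowing or thread hijacking) is not visible in file, registry, DNS or connection telemetry of this shape; catching it needs API-level monitoring from an EDR or a sandbox, which is where this report got it. And the SMTP credentials in the config are an operator's live exfiltration mailbox: block the host at the egress and report the account to the mail provider rather than logging into it.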