General
- Target: ba7f44b5f3e506f56d46fd9ed90571ea_JaffaCakes118
- Size: 395KB
- Sample: 240618-jf78yatcpb
- MD5: ba7f44b5f3e506f56d46fd9ed90571ea
- SHA1: 4d31abdd8e0d0f6e06c55a03a7280f60a4dd2d93
- SHA256: 43e315e229ebf7e78014a10aac9a2ecf2803a4b7f92fbf8eebc5fd445418e807
- SHA512: 580a3d3dcce807512b6f2be4de65a9c5ed361112e40bdd7aaca34b880562e6c4f89ce3f9656b742cdc1e8be0676730f7e0bdad6a3687b1f196928c26bdd3a551
- SSDEEP: 6144:DUODGI2tL75tY51lXG8z4rSi63Ie6OOpXDfokp+9SywITY/:4ODGI6L7o5Xr4r06OS+9iIY
Static task: static1
Behavioral task: behavioral1
- Sample: order_filter.pdf.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: order_filter.pdf.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.hovventech.com
- Port: 587
- Username: [email protected]
- Password: vkNKQ*t6
Targets
- Target: order_filter.pdf.exe
- Size: 468KB
- MD5: d274810bf907e0ce7fd27dc2dad22b39
- SHA1: 4c9373f2bea4dfddb57cebbe4a2a5bdf38d409f5
- SHA256: c2b44b87549e6b32d9693351bcb48781100e91f1d86ea77c05d85f90b8698a6a
- SHA512: b1faabae7c92e4daa0a0c6487b27521e247457189831774aaeafa3774575974fe9fbcb458f5b384fa4320f910a31361ce6b191e34f219ab54abca77cbddc27d3
- SSDEEP: 6144:ib1/tSrYrju+7ntYX1B/G834r+U634eu+mpd/7oqh+HSyaITjh:ib1LL723//4r8u+O+HAI/h
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext