General
-
Target
bc82e85e34abc9e5694549dc5235df1e_JaffaCakes118
-
Size
412KB
-
Sample
240618-r6sj6sybkf
-
MD5
bc82e85e34abc9e5694549dc5235df1e
-
SHA1
074e325d0907e87adf4fe8ccec600e7cb2ab7736
-
SHA256
6f5843d4fba7f06fd01a4b08e25295497ba196a5d070138bcc6c4f860d2e01f0
-
SHA512
87fde58b98e2fa408be73cda556809341d11ce63df64c9579d62c82d51a9fa340eca822d65c3f57d883ada5615c24e2bc99909c7588607ae6acd0206818837ec
-
SSDEEP
12288:/fdnqvnq2ee9wY6h4bvltbgmudF3tWlbtmYL2Q:dnqvq2nwR4bXqvtWFSQ
Static task
static1
Behavioral task
behavioral1
Sample
REQUEST FOR PRODUCTS SUPPLY.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
REQUEST FOR PRODUCTS SUPPLY.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.caterdevice.com - Port:
587 - Username:
[email protected] - Password:
dhh114
Targets
-
-
Target
REQUEST FOR PRODUCTS SUPPLY.exe
-
Size
762KB
-
MD5
47f363f18aab493da421c6bd96a199c2
-
SHA1
5586e81bd878e709d449e083febf7ac87496b5f3
-
SHA256
31e9e7ca798fc5177eb571c001d4d7ae44e141818fa31fb8fe654d44afe3df53
-
SHA512
f359edde2841c785e7997a3151d060f22f914a767d53961b075ea240ad1e9c0b86a6780f09c5afb9aaaab7e614239830ba222764a6698b0e558c2f4881865dd5
-
SSDEEP
12288:6iTzYG1w0wODUfB1gomk2UB5LuxZ7f3LeOp8lqW6fTI03NdAA:6iTz/tUf5mkv5KP7fbeOpac33A
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-