General
Target: 74aad67a8bd018fcf59aa058b43e3b27_JaffaCakes118
Size: 768KB
Sample: 240726-s4dhxawhlp
MD5: 74aad67a8bd018fcf59aa058b43e3b27
SHA1: c048bc934d5c0c9b6f8113f0baf5b8a0aa27c048
SHA256: d39694224bb45acb1c2410511705f1e7d1ff232d294a53a351eb2798fe447a51
SHA512: 898a6fdff8dc062b12a260cc0a2872ff3d4b0ad335aff697738de3084170e81b259b3926f2699dd305b677c1cafb8cf21e8bea1f3412077abeca1e3d96e7d7fb
SSDEEP: 12288:jEO651+70pKXQlNR6O9KklXpm/rO9+wMI6Ubge11o4X:IQml5mq8Rxeno
Static task: static1
Behavioral task: behavioral1
Sample: Scan G-0034905.exe
Resource: win7-20240705-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.harshmangroup.com
Port: 587
Username: [email protected]
Password: Godwin@1234
Targets
Target: Scan G-0034905.exe
Size: 706KB
MD5: 0750fbb58decf9979679f3950a17ca3b
SHA1: 678d6e5caf41dadaccac41d9d3854ee9d1b32b55
SHA256: 58fca7f53b148930126a886b687c15d5810557d0034ec75261dbd94c90698031
SHA512: 04ccf4e5598a8e8eaa6296853369a1fb35ae852e38981568a613a9a7d27b957088e954948d4133874d68e95b42f2779b9995155650584035001895fdfa040cd1
SSDEEP: 12288:FEO651+70pKXQlNR6O9KklXpm/rO9+wMI6Ubge11o4X:mQml5mq8Rxeno
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-