General
-
Target
845a5f8a14c888ca950289cfd81f9702_JaffaCakes118
-
Size
585KB
-
Sample
240810-b5rngszfkl
-
MD5
845a5f8a14c888ca950289cfd81f9702
-
SHA1
6c83e9ee613bce1ed166133f6e9ab937c03d5dc0
-
SHA256
bc90563815f99d029a634bcefabd36454c7e56ea08614ecd37fb4c22b7bc71fd
-
SHA512
fb74900e060698fc9423d5b71fd2c00578579fe03ed44cbed79588637a3b9499005593b5692ccbb7a0da8cd8e522a0fa3520486b5b67cd2b5f91be1e58a2b9bb
-
SSDEEP
12288:4rkcSQrld21fNlRUudoc9wgYpxO2V7VnqB9r33hTSdBBBKZpzawVTMsM:4LPOjdoAYpxOk790r3JSyZ1tT
Static task
static1
Behavioral task
behavioral1
Sample
845a5f8a14c888ca950289cfd81f9702_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.curidesigner.com/
Port: 21
Username: [email protected]
Password: boygirl123456
Targets
-
Target
845a5f8a14c888ca950289cfd81f9702_JaffaCakes118
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-