General
Target: ddcf53eb6f0b102e0836f80ff016b5da_JaffaCakes118
Size: 711KB
Sample: 240913-gn6c7syanf
MD5: ddcf53eb6f0b102e0836f80ff016b5da
SHA1: 7043675e3304d7a52b56378c05c058093283864d
SHA256: f575b00c8617ae312ee2e6bb708a588c2e3ebf893ce9f46cb880efbef8679e07
SHA512: 25f4807cda37c5baf284f5654c5bd9af3b2b6317b7bc23cf8112e7a018b1f51237fbd6290584087d59c6676672f3882dc4886f58c71a4ed97b02dfd131d19d2b
SSDEEP: 12288:XKDolutzs7JQ31F/weUwDTekIrdlo1jUt1/A06xFtXnwcOD+VecpGIa0yVXNK2Og:XWeuvXorzkOfsIYzt3P155ypN1Og
Static task: static1
Behavioral task: behavioral1
Sample: NEW_ORDER_ENQUIRY.PDF.exe
Resource: win7-20240903-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: mmm777
Targets
Target: NEW_ORDER_ENQUIRY.PDF.exe
Size: 843KB
MD5: 3636163fee6bfb2fd4a3a1f68a1e1bde
SHA1: 9959c3c8385f15c60a60020adbab4825d7ed4bbb
SHA256: 913bdba98e1faeffc0e7d2bcaaa4a4d9c7fa954747b2c53f4301670cd32645b5
SHA512: bef6480888dc57b9cc65755297b6d7dedbbf2935ab32289a1b3eadf7d2789f618a497abeccb3e3a2b25637d041eb8adc1cb00fba5b91edc93088b1d2edecaaed
SSDEEP: 12288:YNtQ1L2cZPvq1igKj7QAdUJ60ixdtln2Sm7IVeCpG8+0eNHNw6K:l1fPuOQAYu/tNzlrtehN2
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext