General
-
Target
e1825199b05949054ee72d31415a8a63_JaffaCakes118
-
Size
820KB
-
Sample
240915-cp52ls1apf
-
MD5
e1825199b05949054ee72d31415a8a63
-
SHA1
2d6eba1bdec462e828b56ba947aab3863d525449
-
SHA256
76fbcd12b4067240949298ef0a8a970788e15808985d7f8ac37660816558db49
-
SHA512
65b627633dbe21379bcb3dc326b38e6939c8a2d9595729b15951dbabddb57b4f3cb975c65ce7a3fc1f9a07a7a13cf762334263eb8eb4f8eff4f83330d103c77e
-
SSDEEP
12288:MZdvG9gsBqk1k4z2p6CNndyXVfdyZbWeHkxQUaUSJ8PA1um2Tetqx:cG9gsBKG2cCXQfdyFWQSOJoAZ2iA
Static task
static1
Behavioral task
behavioral1
Sample
BL draft pdf.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.hermanusbearings.co.za
Port: 587
Username: [email protected]
Password: $Victory2019$
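The extracted config above is the useful output of this report: it is the mailbox the sample sends stolen credentials to, over SMTP submission (port 587). The following is an added example, not part of the sandbox report, showing how to turn that block into detection logic. It parses the config as printed, then runs two rules over a few constructed egress-firewall log lines (the line format, the source addresses and the destination IPs are all made up for the example; in particular the IP shown beside the C2 hostname is not its real resolution, which the report does not give). Rule 1 matches the configured host by name; rule 2 flags any workstation opening the configured port to a non-RFC1918 destination, because Agent Tesla mails credentials straight from the victim endpoint, and endpoints normally do not speak SMTP submission to arbitrary external hosts.

```python
"""Detection from an extracted AgentTesla SMTP config (added example)."""
import ipaddress
import re

# Config as the sandbox reported it (values copied from the report; the
# username is shown as "[email protected]" because the page itself redacted it).
EXTRACTED_CONFIG = """\
agenttesla
Protocol: smtp
Host: mail.hermanusbearings.co.za
Port: 587
Username: [email protected]
Password: $Victory2019$
"""


def parse_config(text):
    """Parse the family name plus 'Key: value' lines into a dict."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    cfg = {"family": lines[0]}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    cfg["port"] = int(cfg["port"])
    return cfg


# Constructed egress-firewall log lines (not from the report). Destination
# IPs are documentation ranges; the one next to the C2 hostname is invented.
SAMPLE_LOG = """\
2024-09-15T02:41:07Z src=10.0.5.23 dst=203.0.113.14 dport=443 proto=tcp action=allow dsthost=www.example.com
2024-09-15T02:41:09Z src=10.0.5.23 dst=198.51.100.77 dport=587 proto=tcp action=allow dsthost=mail.hermanusbearings.co.za
2024-09-15T02:41:10Z src=10.0.5.99 dst=10.0.0.25 dport=587 proto=tcp action=allow dsthost=smtp.corp.example
2024-09-15T02:42:31Z src=10.0.5.23 dst=198.51.100.77 dport=587 proto=tcp action=allow
"""

# Hypothetical allowlist: hosts our endpoints are permitted to submit mail to.
ALLOWED_SMTP_HOSTS = {"smtp.corp.example"}

_INTERNAL_NETS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_FIELD = re.compile(r"(\w+)=(\S+)")


def is_internal(ip):
    """True for RFC1918 addresses (documentation ranges count as external here)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in _INTERNAL_NETS)


def parse_log_line(line):
    """Split 'timestamp key=value ...' into a dict; timestamp goes under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(_FIELD.findall(rest))
    fields["ts"] = ts
    return fields


def detect(cfg, log_text):
    """Return (timestamp, src, severity, reason) for each matching log line.

    Rule 1 (high):   destination hostname equals the configured SMTP host.
    Rule 2 (medium): configured port opened to an external, non-allowlisted
                     destination, hostname unknown or not matching.
    """
    alerts = []
    for raw in log_text.strip().splitlines():
        ev = parse_log_line(raw)
        dst = ev.get("dst", "")
        dsthost = ev.get("dsthost", "").lower()
        dport = int(ev.get("dport", 0))
        if dsthost == cfg["host"].lower():
            alerts.append((ev["ts"], ev["src"], "high", "c2 host " + cfg["host"]))
        elif (dport == cfg["port"] and not is_internal(dst)
              and dsthost not in ALLOWED_SMTP_HOSTS):
            alerts.append((ev["ts"], ev["src"], "medium",
                           f"smtp submission to non-relay {dst}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_config(EXTRACTED_CONFIG), SAMPLE_LOG):
        print(*alert)
```

On the sample lines this yields two alerts, both from 10.0.5.23: a high one for the connection labelled with the C2 hostname and a medium one for the later connection to the same address on port 587 with no hostname recorded. The internal relay traffic on port 587 and the ordinary HTTPS connection are left alone. Rule 2 is deliberately broader than the single host in this config, since the same family is reconfigured per campaign; tune ALLOWED_SMTP_HOSTS to your own relays before deploying it.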
Targets
-
-
Target
BL draft pdf.exe
-
Size
758KB
-
MD5
7e7f55f473bc65b1ec8faa71fcb79092
-
SHA1
5875cdb728cb9523060b9c96265c55427381ad31
-
SHA256
7d51edd0feeee939f61acbc7ba9271fc6d034095076929d866dc6285c44dd02b
-
SHA512
480b21afa715943de6d9193783d91d0b34c0980b4f40988b3f79add526b70142fe5f3a462544ce0aab1cb1f232c9c1304e46a69737fb1625ac7111138710a664
-
SSDEEP
12288:mZdvG9gsBqk1k4z2p6CNndyXVfdyZbWeHkxQUaUSJ8PA1um2Tetqx:2G9gsBKG2cCXQfdyFWQSOJoAZ2iA
-
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic; this sample exfiltrates over SMTP using the credentials in the extracted config.
-
AgentTesla payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
Suspicious use of SetThreadContext
-