General
-
Target
e2d78887a2f8635e4ea5dd767fd3ac88_JaffaCakes118
-
Size
492KB
-
Sample
240915-s98k8s1dkc
-
MD5
e2d78887a2f8635e4ea5dd767fd3ac88
-
SHA1
e8c6a218ea38f27ef8c15df38360dccc554a3de1
-
SHA256
ef88496bd2bebc8225e15f3caa105b7c7f0c9a004ee41c83423ac99bfb9a9ef7
-
SHA512
68296d8bc286f46c770057c591cf3816c57a480eaca17f26d13d250f7287a7d1518f12211d98f087024ce4b3bdb608d06990915ddd97d4d0e80607f5902591e4
-
SSDEEP
12288:/+aJZvzhDSVdRIU8bo/hvDVjTuagVpkXonJ5rXkujsSr7:/+SzhDSVdqbo/Gangr0uISr7
Static task
static1
Behavioral task
behavioral1
Sample
g9.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
g9.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.desmaindian.com
Port: 587
Username: [email protected]
Password: (*IlJex6
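As an added example (not part of this report and not the sandbox's own config extractor), the following Python parses the flattened SMTP config above back into fields, derives network indicators from the host and port, and runs them over a few constructed DNS and connection events. The event shape, the 10.0.0.x addresses and the `mail_relays` allow-list are assumptions for illustration; the username is kept exactly as the page shows it.

```python
"""Turn the extracted AgentTesla SMTP config into network indicators and
check them against log events. Added example; the log events are constructed."""
import re

# The config exactly as the report page shows it (line breaks from extraction).
EXTRACTED_CONFIG = """Protocol: smtp- Host:
smtp.desmaindian.com - Port:
587 - Username:
[email protected] - Password:
(*IlJex6"""

CONFIG_KEYS = ("Protocol", "Host", "Port", "Username", "Password")


def parse_agenttesla_smtp_config(text: str) -> dict:
    """Recover key/value pairs from a 'Key: value - Key: value' dump that has
    been broken across lines at arbitrary points.

    Splitting on the 'Key:' tokens, not on ' - ', keeps a password that itself
    contains dashes or spaces intact; only the trailing ' -' separator that
    precedes the next key is removed.
    """
    flat = " ".join(line.strip() for line in text.splitlines())
    parts = re.split(r"(" + "|".join(CONFIG_KEYS) + r"):", flat)
    cfg = {}
    for key, raw in zip(parts[1::2], parts[2::2]):
        value = raw.strip()
        if key != "Password":            # the last field carries no separator
            value = re.sub(r"\s*-$", "", value)
        cfg[key.lower()] = value
    cfg["port"] = int(cfg["port"])
    return cfg


def build_indicators(cfg: dict) -> dict:
    """Network-level IOCs: the exfiltration host and the submission port it uses."""
    return {"host": cfg["host"].lower(), "port": cfg["port"],
            "protocol": cfg["protocol"].lower()}


# Constructed events resembling merged DNS and connection logs (not real traffic).
SAMPLE_EVENTS = [
    {"ts": "2024-09-15T15:54:02Z", "src": "10.0.0.21", "query": "smtp.desmaindian.com", "dst_port": 53},
    {"ts": "2024-09-15T15:54:03Z", "src": "10.0.0.21", "dst_host": "smtp.desmaindian.com", "dst_port": 587},
    {"ts": "2024-09-15T15:55:10Z", "src": "10.0.0.5", "dst_host": "smtp.office365.com", "dst_port": 587},
    {"ts": "2024-09-15T15:56:44Z", "src": "10.0.0.21", "dst_host": "www.example.com", "dst_port": 443},
]


def match_events(events, ioc, mail_relays=frozenset()):
    """Return (event, reason) pairs for traffic worth a look.

    A direct hit on the extracted host is the strong signal. Any other host
    speaking to the submission port is a weaker, tunable signal: AgentTesla
    exfiltrates through ordinary SMTP submission, so workstations that are not
    the organisation's mail relays have little reason to do that.
    """
    hits = []
    for ev in events:
        host = (ev.get("dst_host") or ev.get("query") or "").lower()
        if host == ioc["host"]:
            hits.append((ev, "contacts extracted exfiltration host"))
        elif ev.get("dst_port") == ioc["port"] and ev["src"] not in mail_relays:
            hits.append((ev, "SMTP submission from a non-relay host"))
    return hits


if __name__ == "__main__":
    cfg = parse_agenttesla_smtp_config(EXTRACTED_CONFIG)
    for ev, why in match_events(SAMPLE_EVENTS, build_indicators(cfg)):
        dst = ev.get("dst_host") or ev.get("query")
        print(f"{ev['ts']} {ev['src']} -> {dst}:{ev['dst_port']}  {why}")
```

The host match is what you would push to a blocklist; the port-587 rule is there to catch the same family after the operator rotates the mail server, and needs the relay allow-list populated before it is quiet enough to alert on.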
Targets
-
Target
g9.exe
-
Size
977KB
-
MD5
c572b5b67f1b0f70d7616358e29fbf1b
-
SHA1
239bdec12f8a2a3e7004a4ea0aae11a28c6c9d26
-
SHA256
f57d9f56d91abf4cfcd4eceec70dec81a629e9547469a775d1740b3f97175ec9
-
SHA512
a356c2c0293e0e5a87e2695f5583c3c7d315704dd84e81775eb77a67f88c2ba643df7de9bf9861e3c33c7c2794806be596edb2983fe87304a161ec67090cfa78
-
SSDEEP
24576:nnLZiPt42JIudVwFZbZeKRg8yXjdXc1f0aVnf:lilqWVEbZ3yXjOykf
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
-
Drops startup file
-
Unsecured Credentials: Credentials In Files
Steals credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
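The signature list above is the sandbox's verdict. As an added example (not the sandbox's own signature engine and not code from this report), the following Python re-derives those signature names from a constructed API/file/registry trace, and goes one step beyond the page by correlating the SetThreadContext call with the surrounding create-suspended, write and resume calls that together make up process hollowing. The trace, the pids, the user name and the file paths are constructed placeholders; the ATT&CK IDs are the standard sub-technique numbers for the four signatures that have a clear one.

```python
"""Re-derive the behavioural signatures listed in this report from an event
trace. Added example with a constructed trace; not the sandbox's own engine."""
import re
from collections import defaultdict

SIG_BROWSER = "Credentials from Password Stores: Credentials from Web Browsers"
SIG_FILES = "Unsecured Credentials: Credentials In Files"
SIG_OUTLOOK = "Accesses Microsoft Outlook profiles"
SIG_STARTUP = "Drops startup file"
SIG_SETCTX = "Suspicious use of SetThreadContext"
SIG_HOLLOW = "Process hollowing sequence (suspended child, write, SetThreadContext, resume)"

# MITRE ATT&CK mapping for the signatures with a clear sub-technique;
# the Outlook-profile check is deliberately left unmapped here.
ATTACK_IDS = {SIG_BROWSER: "T1555.003", SIG_FILES: "T1552.001",
              SIG_STARTUP: "T1547.001", SIG_HOLLOW: "T1055.012"}

# Paths and keys that AgentTesla-class stealers read. Extend per environment.
BROWSER_CRED_STORES = re.compile(r"\\(Login Data|logins\.json|key4\.db|signons\.sqlite)$", re.I)
CRED_FILES = re.compile(r"\\(FileZilla\\(recentservers|sitemanager)\.xml|\.purple\\accounts\.xml)$", re.I)
OUTLOOK_PROFILES = re.compile(
    r"\\Software\\Microsoft\\(Office\\\d+\.\d+\\Outlook|Windows NT\\CurrentVersion"
    r"\\Windows Messaging Subsystem)\\Profiles", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
CREATE_SUSPENDED = 0x00000004
HOLLOW_STEPS = {"CreateSuspended", "WriteProcessMemory", "SetThreadContext", "NtResumeThread"}

# Constructed trace in a sandbox-like shape (pid, API, arguments). Not real
# output; the user name, pids and the child path are placeholders.
SAMPLE_TRACE = [
    {"pid": 1820, "api": "CreateProcessW", "args": {"path": r"C:\Users\Admin\AppData\Local\Temp\g9.exe", "flags": 0x4, "child_pid": 2004}},
    {"pid": 1820, "api": "NtUnmapViewOfSection", "args": {"target_pid": 2004}},
    {"pid": 1820, "api": "WriteProcessMemory", "args": {"target_pid": 2004}},
    {"pid": 1820, "api": "SetThreadContext", "args": {"target_pid": 2004}},
    {"pid": 1820, "api": "NtResumeThread", "args": {"target_pid": 2004}},
    {"pid": 2004, "api": "NtReadFile", "args": {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"}},
    {"pid": 2004, "api": "NtReadFile", "args": {"path": r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"}},
    {"pid": 2004, "api": "RegOpenKeyExW", "args": {"key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"}},
    {"pid": 2004, "api": "NtReadFile", "args": {"path": r"C:\Users\Admin\AppData\Roaming\FileZilla\recentservers.xml"}},
    {"pid": 2004, "api": "NtCreateFile", "args": {"path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g9.exe"}},
]


def triage(trace):
    """Map trace events to signature names; returns {signature: [evidence, ...]}."""
    sigs = defaultdict(list)
    steps = defaultdict(set)        # (actor pid, target pid) -> hollowing steps seen
    for ev in trace:
        api, args, pid = ev["api"], ev["args"], ev["pid"]
        path, key = args.get("path", ""), args.get("key", "")
        if api.startswith("CreateProcess") and args.get("flags", 0) & CREATE_SUSPENDED:
            steps[(pid, args["child_pid"])].add("CreateSuspended")
        if "target_pid" in args and api in HOLLOW_STEPS:
            steps[(pid, args["target_pid"])].add(api)
        if api == "SetThreadContext":
            sigs[SIG_SETCTX].append(f"pid {pid} -> pid {args['target_pid']}")
        if BROWSER_CRED_STORES.search(path):
            sigs[SIG_BROWSER].append(path)
        if CRED_FILES.search(path):
            sigs[SIG_FILES].append(path)
        if api.startswith("RegOpenKey") and OUTLOOK_PROFILES.search(key):
            sigs[SIG_OUTLOOK].append(key)
        if api == "NtCreateFile" and STARTUP_DIR.search(path):
            sigs[SIG_STARTUP].append(path)
    # A lone SetThreadContext call is only "suspicious"; the full sequence
    # against a child created suspended is the hollowing pattern itself.
    for (actor, target), seen in steps.items():
        if HOLLOW_STEPS <= seen:
            sigs[SIG_HOLLOW].append(f"pid {actor} hollowed pid {target}")
    return dict(sigs)


if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_TRACE).items():
        print(f"[{ATTACK_IDS.get(name, '-')}] {name}: {evidence}")
```

The path-based rules are the easy part to evade (a stealer can copy the SQLite file to a temp name first), so in a real deployment they would key on the file being opened by a process other than the browser, which the constructed trace already gives you through the pid.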