General
- Target: e32e0bb4ffc49aad593f7f7119a61e21_JaffaCakes118
- Size: 419KB
- Sample: 240915-xmtk1sxhpc
- MD5: e32e0bb4ffc49aad593f7f7119a61e21
- SHA1: 9d63f7418fbba6270d67abbede59439c8836323b
- SHA256: d3d05e0a1f06d4ea96b83681286dc9f230a4bcb82a9ae4fc9bb61dc20725e207
- SHA512: 9aa918249941f9bfa521306cf63b977f838e84857f99a7760ad5596b40085ef188c1010ae0cc8b30e56dc9688d1f764ef64929d4d997b8b9ec5fd416e63e0590
- SSDEEP: 6144:TVwhlqlUtcPr78hefiw8FqVvIG87tSqYWrZHUg58hMTFcygeF/7qv5yhflKj:BwHqlUth4aw8099ctSqNUOSyPWWE
Behavioral task: behavioral1
- Sample: New P.O 00076855.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: New P.O 00076855.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.bulletlogistics.in
- Port: 587
- Username: [email protected]
- Password: o&0}lBFN8a7v
Targets
- Target: New P.O 00076855.exe
- Size: 429KB
- MD5: 157bab4816b04ac920b174a76e54befd
- SHA1: c7e1396c45839ac565b66152e4eee666239f7b90
- SHA256: 31bb52b28ff0c3c8aebce5ed265a1463e934d089030c38dc88d94ecb11cad660
- SHA512: 6a6093b80dbce529e8a2d2f0dc7d1fe1f7e3167a0bba08661b016646819a283f4313699ed955a0620301d0954b00a7a5c4ae6e58798bc508a7474d1e0761686a
- SSDEEP: 12288:QLdpoLWMr2QW3Y9XQPsNjDAm0+focuBJ0m1gss:QTyWMrzWo6gDT0l1XGss
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext