General
Target: efc62670995aa340d7f3beaf77d76892_JaffaCakes118
Size: 844KB
Sample: 240921-pfs2xa1gka
MD5: efc62670995aa340d7f3beaf77d76892
SHA1: 323f1bba06271ddca06298d409bbb4d3546f44f1
SHA256: 16d6e9cb49079e95149c646669ce11aad318a215c62db593a85005556e3a8388
SHA512: 07d3a917178e47a0ff3405cc3e831ee8dcf536a9b763627a1d38289d6a3d9d0e1e692cba71967c9bd49953d14456a024cc285425dea3471b52c8c1ed97a50b67
SSDEEP: 24576:8ejmukaCcUAB2HXyaip+5EwO4634kijKHTkG6QYCAG:saKAB2HXyjA5/K3cMVYCAG
Static task: static1
Behavioral task: behavioral1
Sample: Payment Notification.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: Payment Notification.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: zstcznz.org
Port: 587
Username: [email protected]
Password: makonyo@2017
Extracted
Protocol: smtp
Host: zstcznz.org
Port: 587
Username: [email protected]
Password: makonyo@2017
Targets
Target: Payment Notification.exe
Size: 1.3MB
MD5: 49e368a336455ce81b0cb888c96ee2c3
SHA1: d6dfc279d33ce1c64e895694bb445b382cd6a489
SHA256: 5d62f354ae4940fe2e4d559490a9d34105113dcc6f3af7941e32457870ddf391
SHA512: 21ad50c57b217d15305634a549359dfa74474e7fd2dcc4508dc12ed906f72a4b9659376d519a5fea540eadff4229e0fe0a081b781994cf2d892d1c6e57c9b0f6
SSDEEP: 24576:rtb20pkaCqT5TBWgNQ7a1VeE7j6s7Tdv5Ee5H2At7QgyvOgTd3zYlyv6A:oVg5tQ7a1VFnEep2AVlIzpzYlw5
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
Unsecured Credentials: Credentials In Files
Steals credentials from unsecured files.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext