General
- Target: f0714637753e9138f2b4119fb5e46086_JaffaCakes118
- Size: 515KB
- Sample: 240921-xk64bsxglc
- MD5: f0714637753e9138f2b4119fb5e46086
- SHA1: 85eddb2e153391b95b920447fd4741c527e0f411
- SHA256: 970c4fa87fa25321d0c21249ef8eae46ab39061b3839266b49874e754c24d146
- SHA512: 0c60e068ab6aebb65e34b91e0cb69fd683a2d5ec1b26c54f03ab529dcc9e5c9223ccb49ba572223600576bd531aef18680063cf51d0d2cf45cfc2ac6f3a919aa
- SSDEEP: 12288:R3epevJWiIWxP4UHyB5oOcsXHuYfnCkVL4lLKQhSZvcO9qBdiG3:gpqJWiVxP4UHyB5NcslfnCkViWKlnn3
Static task: static1
Behavioral task: behavioral1
- Sample: Scan docs.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: Scan docs.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: Simple262627
Targets
- Target: Scan docs.exe
- Size: 1.0MB
- MD5: 667dff5fe5e685c40701d59e912fab36
- SHA1: 2039240f535f75dbb43abfd7f9f8883593b5723a
- SHA256: a863c5d16b5aa24f51529b7482d42401caf457ef0560545725be60bbbc16bd6a
- SHA512: 02effb668427a14349a276f5df9a25e321f5cf243f4bd2b7b6d768048c8bd0ee5215c6601dfce1b9a9151bcf796b584405c3af64e9dd320c9148eaaba35c25e8
- SSDEEP: 24576:wgIIOXml5rD77MgdFjbh9EbKUFZzVdfML:wa9vb75IZz+
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext