General
-
Target
f4b5a7fdb7785e2b453d01eabd039e31_JaffaCakes118
-
Size
530KB
-
Sample
240924-3ja76avcme
-
MD5
f4b5a7fdb7785e2b453d01eabd039e31
-
SHA1
e8c70fd8b0ccac81b76f5ac27a38ce6ecba795d7
-
SHA256
efda0bc445ac4d2157fc1a1b848b6a7f7b938211527281c0866540f19772cf1c
-
SHA512
7d9bb3bad662183e55a45d92d0b36a29cdc114572f48068227194b3d8ff1c496dff7eb1700f236c9b2879c1d26ad92283fa27044d20909f6d484b6806d0f6c8f
-
SSDEEP
12288:tJIfsZZCtY3RY8B7lR52vLUiiaY5iD0ItMQLZ4V:t+SctY3Rf3MfY5ioItM0s
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.shakurjay.com - Port:
587 - Username:
[email protected] - Password:
zpwXtxm7
Targets
-
-
Target
f4b5a7fdb7785e2b453d01eabd039e31_JaffaCakes118
-
Size
530KB
-
MD5
f4b5a7fdb7785e2b453d01eabd039e31
-
SHA1
e8c70fd8b0ccac81b76f5ac27a38ce6ecba795d7
-
SHA256
efda0bc445ac4d2157fc1a1b848b6a7f7b938211527281c0866540f19772cf1c
-
SHA512
7d9bb3bad662183e55a45d92d0b36a29cdc114572f48068227194b3d8ff1c496dff7eb1700f236c9b2879c1d26ad92283fa27044d20909f6d484b6806d0f6c8f
-
SSDEEP
12288:tJIfsZZCtY3RY8B7lR52vLUiiaY5iD0ItMQLZ4V:t+SctY3Rf3MfY5ioItM0s
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-