General
- Target: f6aaf3bf6e57fd2fd94681b4539d3508_JaffaCakes118
- Size: 384KB
- Sample: 240925-xqeahavfqc
- MD5: f6aaf3bf6e57fd2fd94681b4539d3508
- SHA1: 3626b8975d4a78efce5121c3f33bb51692082517
- SHA256: 040e4f311e84f09dd7b6c0d620deec64d1a7fad7d583736eac39ec353b47e334
- SHA512: 7ae62ad022c211fdc9ac7291c6dea58b121b51822af3515ef4df208d5545e1980e21264a5ca21738a0a02de3136bf33db3da49700dac7d3e801b085447ebf3d2
- SSDEEP: 6144:7EKa2nxtTpx1ZWProrWAI9egvyxj2fsthhfmnQeBEtUqMrjyas1vjFm/EPW:7EKjxtn2yl2fwqQekKyzjIkW
Static task: static1
Behavioral task: behavioral1
- Sample: f6aaf3bf6e57fd2fd94681b4539d3508_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: f6aaf3bf6e57fd2fd94681b4539d3508_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.strykeir.com
- Port: 587
- Username: [email protected]
- Password: iyke112@@@333
Targets
-
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext