General
Target: fa46798f4e54f694ff1302735d4f0b59_JaffaCakes118
Size: 391KB
Sample: 240927-mzf6ca1gle
MD5: fa46798f4e54f694ff1302735d4f0b59
SHA1: c0ba2a3615cea3ab19ebb76521ff4f90f92af260
SHA256: 873e880c2bd7d4030d405cb658a4925c3a16ecc83cd59e0ed230716ebb5de6af
SHA512: 28ae9e91c09eb539652f353e120c1d3dd348ad033cc87b73e452d19abe880d78882dbe7d1ad689d2f597e4581628340d1f28e1cff451c9afe69fb0556225e258
SSDEEP: 6144:bdA2CsOe8UvkZXnNRwUu7IZxCY3lotfoH8Zze7PWsURKlcvV1kKq53+g3Cf7KK97:C2VRB4wtgxn3ytieOeKlcv/q5NK7N97
Static task: static1
Behavioral task: behavioral1
  Sample: SWIFT COPY.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: SWIFT COPY.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected] (address redacted in this copy of the report)
Password: JuCbr%o3
Targets
Target: SWIFT COPY.exe
Size: 467KB
MD5: 798e34819f711e1fc25e3900dd52ef6e
SHA1: b6f72e5af767d89127e1ad736b8509c2f9996c6c
SHA256: 15ef597d7c75003efe90c9a85c5a80066671c664a1db0ea6be28c0e0f1370be3
SHA512: 8d56d8dc8767400ca27ad1f37a8f17ec595645daff959cf8f216e320c3eba89cc9fa5da6c5687f72f72839efc4fa6c6f5eb4c914514a519325f218d350092e71
SSDEEP: 12288:Rsx8fJGewRGnn3GtqwwiKhcvHo5fK779a:RhwR6W/wiHnM
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (early versions were written in Visual Basic .NET).
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
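The following Python is an added example, not part of the original report and not Tria.ge's or the malware's code. It shows how an analyst would put this report to work: parse the extracted SMTP config into fields, check a file's digests against the hashes listed for SWIFT COPY.exe, and hunt Sysmon network-connection events for the exfil host and port. The Sysmon records are constructed for the example (the file paths and process IDs are made up), the username is reproduced with the redaction the page carries, and the `find_exfil_connections` logic assumes Sysmon is resolving destination hostnames.

```python
"""Analyst helpers for the report above (added example, not Tria.ge's or the
malware's code): parse the extracted Agent Tesla SMTP config, verify a file's
digests against the listed hashes, and hunt Sysmon logs for the exfil channel."""
import hashlib
import json

# Copy of the extracted config as the report shows it; the username is
# reproduced with the redaction the page carries.
REPORT_CONFIG = """\
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: JuCbr%o3
"""

# Digests the report lists for the dropped SWIFT COPY.exe.
EXPECTED_HASHES = {
    "md5": "798e34819f711e1fc25e3900dd52ef6e",
    "sha1": "b6f72e5af767d89127e1ad736b8509c2f9996c6c",
    "sha256": "15ef597d7c75003efe90c9a85c5a80066671c664a1db0ea6be28c0e0f1370be3",
}

# Constructed Sysmon events (JSON, as a log shipper would emit them); the
# paths and process IDs are made up for the example.
SAMPLE_SYSMON = [
    json.dumps({"EventID": 1, "Image": r"C:\Users\victim\Downloads\SWIFT COPY.exe",
                "ProcessId": 4120}),
    json.dumps({"EventID": 3, "Image": r"C:\Users\victim\Downloads\SWIFT COPY.exe",
                "ProcessId": 4120, "Protocol": "tcp",
                "DestinationHostname": "US2.smtp.mailhostbox.com",
                "DestinationPort": 587}),
    json.dumps({"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
                "ProcessId": 2284, "Protocol": "tcp",
                "DestinationHostname": "outlook.office365.com",
                "DestinationPort": 443}),
    "not json at all",
]


def parse_kv(text):
    """Turn the report's 'Key: value' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()
    return fields


def hashes_of(data):
    """Hex digests of data for the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data, expected):
    """Per-algorithm match result of data's digests against expected hex strings.
    A file that matches only some algorithms is as suspicious as one that matches none."""
    actual = hashes_of(data)
    return {alg: actual.get(alg) == hexdigest.lower() for alg, hexdigest in expected.items()}


def find_exfil_connections(log_lines, config):
    """Return (image, pid) for Sysmon event 3 records whose destination is the
    config's SMTP host and port. Hostname comparison is case-insensitive; if
    Sysmon is not resolving names, map DestinationIp via DNS logs first."""
    host = config["host"].lower()
    port = int(config["port"])
    hits = []
    for line in log_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed shipper output rather than abort the hunt
        if event.get("EventID") != 3:
            continue
        if (str(event.get("DestinationHostname", "")).lower() == host
                and int(event.get("DestinationPort", 0)) == port):
            hits.append((event.get("Image"), event.get("ProcessId")))
    return hits


if __name__ == "__main__":
    cfg = parse_kv(REPORT_CONFIG)
    print("exfil:", find_exfil_connections(SAMPLE_SYSMON, cfg))
    print("stand-in file vs report:", verify_hashes(b"not the real sample", EXPECTED_HASHES))
```

Matching on the SMTP submission port alone would flag every legitimate mail client, which is why the hunt keys on host and port together; the Outlook record in the constructed log is there to show that a normal mail connection is left alone.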