General
Target: 4657696d5a566176711f7ed16b5ffa49_JaffaCakes118
Size: 694KB
Sample: 241015-hkrw3szhke
MD5: 4657696d5a566176711f7ed16b5ffa49
SHA1: 551c241fc2809a2e0fead94b64a71abba62f8359
SHA256: 386e439c334cad078a1cb252fbfe436a79be4a9d652c0f36917e2723fd0e9523
SHA512: ea507f76c899ec0859c04af07fd108c4e1867ab98ef72a0c65bbea9ce965d7493745217f516b9bdc79615099054bd4669acf5fe2d66ce01fed87344a589a39a8
SSDEEP: 12288:lv8UG81WBwVeQM/z1q8CoT1djUkLRTCLr+LcdLDLkOEw0u34/RllMSV:WUf1WBw8hr1tP6L8OEwsZfM4
Static task: static1
Behavioral task: behavioral1
- Sample: INVOICE.exe
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: INVOICE.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: uscentral50.myserverhosts.com
- Port: 587
- Username: [email protected]
- Password: waters@789
Targets
Target: INVOICE.exe
Size: 890KB
MD5: 6f9adf26a738a2cbb5718f9e00c0d8d8
SHA1: 4509f91bb3bda2adee0be97234966c273d0dffa2
SHA256: 459be0406b2d513ddf97501c0340349f64cab90b6315d16e23e14e4ce0ae845d
SHA512: 5a3bb2ee0b9dc0d633a54a3dd84ecaf05d56c1ae41b402440c27398b1eeddfc752e045a9adae48de2a452c03c7b6a22358dcbc3e32f561cc92054b97f88b74b2
SSDEEP: 12288:Mftw6zHlEsDd9tmTYEui4JW+h1lWZSe+mI5y10E8uHvoHK7zTqFzKboZT0Fd:+woHlXx9iu3W+/lWZSmI5NE8ykKboyd
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext