General
-
Target
JaffaCakes118_5936715a6a40ec84592e71ccfdfc1daa
-
Size
338KB
-
Sample
250107-kqm67avrcq
-
MD5
5936715a6a40ec84592e71ccfdfc1daa
-
SHA1
380440d5690a8ed799138022a7b7678c0323c2bb
-
SHA256
3509582c5fa8e6a4cc257c72e67eec511a90790a60185bce44303fc2c39be80c
-
SHA512
d6610529fd75087bee83fc33cbc57ba1ae1ce81ab4c8e98e57b1d0b7b489cc6116db3bc6c58bc5b9c8a906d41da05305a77d90db989f0e375006fb9c42de032b
-
SSDEEP
6144:GBlL/HO9V9T1HKlyBtCv1KIhxSVabyXOylMYZ7Q/K:EtQF1H0yB01L3Yau+7YVgK
Malware Config
Targets
-
-
Target
JaffaCakes118_5936715a6a40ec84592e71ccfdfc1daa
-
Size
338KB
-
MD5
5936715a6a40ec84592e71ccfdfc1daa
-
SHA1
380440d5690a8ed799138022a7b7678c0323c2bb
-
SHA256
3509582c5fa8e6a4cc257c72e67eec511a90790a60185bce44303fc2c39be80c
-
SHA512
d6610529fd75087bee83fc33cbc57ba1ae1ce81ab4c8e98e57b1d0b7b489cc6116db3bc6c58bc5b9c8a906d41da05305a77d90db989f0e375006fb9c42de032b
-
SSDEEP
6144:GBlL/HO9V9T1HKlyBtCv1KIhxSVabyXOylMYZ7Q/K:EtQF1H0yB01L3Yau+7YVgK
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/kivlxw.dll
-
Size
20KB
-
MD5
575dc70fae96e23a93aef3ebfdfb525b
-
SHA1
7589bbf471165323d4c0e92b8be101d95cbbeb2f
-
SHA256
bc3cc067575a5ec3bd8fb5d1329b6f32586fd09f038fc5fafac92c2da081711e
-
SHA512
e385b8286ffeab6252e6b99a1434b9c7526edf128e6558718add8edf0b60e24a9fc82aee34986fb517907ac966dbe7847d0115b53357f49d43c46acd1dc0a334
-
SSDEEP
384:2wUx0iyAIXYjOt8coEzHz+L8VJa9/zMJqkaVojM:2wUx0iyAIoKDzHzL4MJqkKo
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-