General
-
Target
JaffaCakes118_e87c1a7e4605479be4d0b3b50c69fbeb
-
Size
317KB
-
Sample
250110-tlqwysypf1
-
MD5
e87c1a7e4605479be4d0b3b50c69fbeb
-
SHA1
1aaf3316bcec23135f57124f5c7bea22847632ec
-
SHA256
27f9239f3d2f9959daf11273fd57a68301c81bc893d60b9b3a61e17fa87a55e6
-
SHA512
4308b478c4085092c0fe0a602c3e82da39fa7fad8911899a3547cfb5cd13491f39ceaada135a692044654c13bcf961dc2be98724c4a44301fb532534174b6d45
-
SSDEEP
6144:k+BS5gUeZOl/QwZdoPX84aW7WwT8ohhdv6DQ+JZGLoyr5djFhkGk4qGnBu9g:k+MCYBt4j7Twgv6DdOoyr5dJIGnd
Malware Config
Targets
-
-
Target
POIM101385.exe
-
Size
453KB
-
MD5
f1e3f54edbeffd5786fb49487872f2e3
-
SHA1
22418d61c9a779f6a1e651928ba86b36755abd78
-
SHA256
e66ed8d87430588f029d4ed6787d54de508b271fca3d2266023ae1f0c69d75e2
-
SHA512
c8a029af97c5ded5cb3aaccba31b6f0753d6a92c49c93f22e1cc20061ec2a29fd2d033b643e1fa4ea1f39f3cb1a9fa4980aae078c9a510e717ec294a260316a1
-
SSDEEP
6144:pBlL/cC95z7t6MRObOjPnEezm7m6mBmtRm+mQsUKCI887/+JUrhoItI8SCjegF5A:PObbazoTFQ99qX9NZQZ3The
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/cxapxirycmq.dll
-
Size
20KB
-
MD5
f9c99f7e3b80bd0757ccad6a4ee2c795
-
SHA1
e487ee3c5fc3d1e0817a8c5646ed042312a8ad83
-
SHA256
963d2beb680b2f7b490063c3f248ae28fdadec39b0b9542c4b79a48f07bbd907
-
SHA512
c4ed2f2dc2b6d79f3f37433023428bfe7607360e257864e29fab249619e666df5b00542640d89f29ae510f83e514b41eba14fcc3232e9416a0b8e248eb59b01c
-
SSDEEP
384:7ANhp0pWEbbJVpptCxAoNI2M+qjMoejTJ1Yl5Zn:Ghp0cEbbJPp/NQoyJ1Y7Z
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-