General
Target: 1af633d9c7c69c2580885c50954c82e6_JaffaCakes118
Size: 528KB
Sample: 240701-ml3r7azdjr
MD5: 1af633d9c7c69c2580885c50954c82e6
SHA1: a4a235316d674bd58fbda13371a9d31e125d9c0d
SHA256: f10385db00f8fe0775673e837ae1d2a343e48dc35d787376c31634225fd97902
SHA512: 7096fa67fff276f3571596c89391f0f62625d3a0560acb84b7dcd31998058e55d08cfc212fc7659a4d63bfd715e8e6b919683a1a7be15c589f19209eb0b4f2e2
SSDEEP: 12288:MEgkvTd6kItDUeSlImFygclJxtjWJDkMHlPsmkwv25o:M1kp6kpBtcLxtjwrlBIo
Static task: static1
Behavioral task: behavioral1
  Sample: Turkiye Is Bankasi A.S Ödeme havalesi dekontu 15022021.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: Turkiye Is Bankasi A.S Ödeme havalesi dekontu 15022021.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.corroshield.co.id
Port: 587
Username: [email protected]
Password: kramatjati1945
Email To: [email protected]
Targets
Target: Turkiye Is Bankasi A.S Ödeme havalesi dekontu 15022021.exe
Size: 663KB
MD5: be23fa0d5c3d9497baa5f7cb345831ba
SHA1: 9c53967f6f57c2c72e5f7816df0ac420fea848d8
SHA256: a798b16a0757f66a69a632fa0b55e1ec08bb4e34dd93f67ebfc405fc583b78e6
SHA512: c246fecddef537ef76ec2f26992cd5f7cfa4272e1058b42df625480e7b29007b17d36fe6bc7b481adf1cdaf93216c84c0fc54612f73e2890654b7c0fabf5bf29
SSDEEP: 12288:y3P7M56UxElCH8YF8hiNF184sVdWauehe4pOEuSWsuMrOfVoMY1TaPbwVTMsMf:yzMBxBcY5f84sFh19uhsBrIVoXa8tT
Score: 10/10
Family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla payload
- Suspicious use of SetThreadContext