General
- Target: 03ea7c53e7ec3493b95d001834757070_JaffaCakes118
- Size: 471KB
- Sample: 240427-3x8etabd34
- MD5: 03ea7c53e7ec3493b95d001834757070
- SHA1: b4e33a1015191357b619e83687fa1c3beb25e0bc
- SHA256: 447e51ac0d863eef5544c8a808743f24eeac45f0c889f61a21429904fc0f76b0
- SHA512: 6589ecf058e7a4369b9d1ae7cd98692146ec16ea6623b37bf5a2fc81d4b81c432e47aa65e12376a193f57bf7b1c3fe3733988a88b15d075c007c7cf5a183d490
- SSDEEP: 12288:bfKHS/FeVDK/CT2WSvfv8w9A+2hzEmM8UVoaIegU:V/FeqCqWS3v8UZ5phd
Static task: static1
Behavioral task: behavioral1
- Sample: 03ea7c53e7ec3493b95d001834757070_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 03ea7c53e7ec3493b95d001834757070_JaffaCakes118.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: sologlobal@yandex.com
- Password: amblessed22
Targets
- Target: 03ea7c53e7ec3493b95d001834757070_JaffaCakes118 (size 471KB; MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General above)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext