General
- Target: 116207c86c15e00b7b9020463d638bde_JaffaCakes118
- Size: 615KB
- Sample: 240328-13n71sae99
- MD5: 116207c86c15e00b7b9020463d638bde
- SHA1: 73b841c8e80b4c15ed250d19b45e66b9794dcb27
- SHA256: df5f68505b5c34a2d0283effd3a88a2ce2b1e9d95fe0fd77aa20ff52f1c089c6
- SHA512: aae54d99200cc5db697cd75bddc94c2f544a972812b4007856fca97f5d22c9498ea7a1cd45ae792c9db1cdce381a959f8c52331b566cef6a83a8b3eff2e7c6ab
- SSDEEP: 12288:tNcB8KNRlUL5i2BYXWxfoStlgPRvHKYW:t68KN6NiKfo9VHK3
Static task: static1
Behavioral task: behavioral1
- Sample: 116207c86c15e00b7b9020463d638bde_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 116207c86c15e00b7b9020463d638bde_JaffaCakes118.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.scooptechuae.com
- Port: 587
- Username: info@scooptechuae.com
- Password: scoop@1234
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext