General
Target: 024329b091275921183104901dd986ef_JaffaCakes118
Size: 308KB
Sample: 240328-lksp6ahe51
MD5: 024329b091275921183104901dd986ef
SHA1: 6cd4de1da31572dd9e30c991cb4dfc68dff4e291
SHA256: c84323551b8814bcdf1b176cc38f197a00025817e93f6c8aefaa7ab180187cde
SHA512: 80a7e37a242dba50ceadd9b8b46d2fb38c7eaf408a7175f8752698b1e08ac982ad841125198c53d0e0b8dd502b10183e56eeb3709e75181082071089c44d53fe
SSDEEP: 6144:F8LxBsxzFUP5VmgKag/0FrOKWh+beUFDC1WbazwBnNDL6f22cc:/VF+KpOKhFUFDt2ghcR
Static task: static1
Behavioral task: behavioral1
  Sample: 024329b091275921183104901dd986ef_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 024329b091275921183104901dd986ef_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/wwovt.dll
  Resource: win7-20240221-en
Behavioral task: behavioral4
  Sample: $PLUGINSDIR/wwovt.dll
  Resource: win10v2004-20240226-en
Malware Config
Extracted (agenttesla): https://api.telegram.org/bot2006818448:AAEbXxhowuXbSCsvvlr5pUkJzFhgKnfWtso/sendDocument
Targets

Target: 024329b091275921183104901dd986ef_JaffaCakes118
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
Target: $PLUGINSDIR/wwovt.dll
Size: 30KB
MD5: 3db889c292904a3fcefaaea76ca6dc24
SHA1: b9e0cf954f3cbf80245e32633a01644f69a6f0d8
SHA256: 15efdfbe9775fdeb2a57a01564006d1322e9f7815c8f4325d88d6403fe809238
SHA512: 7abcdc3b2bcf849fa359010ebe04b587e9e7f8b3222a949f03fd5766506a0f612ab875bb205a60a7fe170002177c0a3d841965d902a175656406ff10df345047
SSDEEP: 384:6X21oCNE0oHVOBiEN1EDzSW4Ys7//YriYpICfKSZP8ZWYahHT/yKetlOmdmSlmOW:6m1DE00OBiOW4L7Hw/phiZQhH7y3
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext