General
-
Target
02a34bf8a236b27d487f211a729d1624_JaffaCakes118
-
Size
811KB
-
Sample
240328-ly332sff58
-
MD5
02a34bf8a236b27d487f211a729d1624
-
SHA1
33da43d0e93c495d7de316268f2a437204dc34e1
-
SHA256
0743b68b011b64921ce7d5f306410a104d2b856d538188be26f1fca7926a8e7a
-
SHA512
28474ed5f4db80f0789206cd60e952e1a12e9bb21290fee99dc1b6d8b69f3b3b4e41c1f257e4a44901bce2c39b0eaf9dea094305d7ce953b38c2123b09e3fd27
-
SSDEEP
12288:Cy8TC5hFG5yzMxR/QPNtcEyM3MgghFeGb98O4Y3WsY4mAz6v3SSQ/+WRX:/8TqfG0Qx4tOAMgAbP4nsv
Static task
static1
Behavioral task
behavioral1
Sample
02a34bf8a236b27d487f211a729d1624_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
02a34bf8a236b27d487f211a729d1624_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cabletraychina.com - Port:
587 - Username:
sales@cabletraychina.com - Password:
Jhdq2017#
Targets
-
-
Target
02a34bf8a236b27d487f211a729d1624_JaffaCakes118
-
Size
811KB
-
MD5
02a34bf8a236b27d487f211a729d1624
-
SHA1
33da43d0e93c495d7de316268f2a437204dc34e1
-
SHA256
0743b68b011b64921ce7d5f306410a104d2b856d538188be26f1fca7926a8e7a
-
SHA512
28474ed5f4db80f0789206cd60e952e1a12e9bb21290fee99dc1b6d8b69f3b3b4e41c1f257e4a44901bce2c39b0eaf9dea094305d7ce953b38c2123b09e3fd27
-
SSDEEP
12288:Cy8TC5hFG5yzMxR/QPNtcEyM3MgghFeGb98O4Y3WsY4mAz6v3SSQ/+WRX:/8TqfG0Qx4tOAMgAbP4nsv
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-