General
Target: 04d8fd48d0eca936b08169690f737ae4_JaffaCakes118
Size: 747KB
Sample: 240328-nysneshd97
MD5: 04d8fd48d0eca936b08169690f737ae4
SHA1: eb36cb2915046599ce1cb7337313f2acdc747446
SHA256: e3a2a9b0894a857b48f6d913204d7dbdd9830f2675fda2c2e2f4ae96635a4b60
SHA512: 8091fc8ff5a01d3092ff87ca1a6296192e76572b2aeeba033e054393a6e5b8f14ee1ce025905063a2ed9610f5cbfbc12bf3046276154a8c5ef1a5f49e23fa9e4
SSDEEP: 12288:HAAoh08OGQuZLvqJFTPZ/dPsWPaCz+DnwKFKxBVM8LPztkf5D6a96SW3:XnGQYTq9ezCzWQfR/7
Static task: static1
Behavioral task: behavioral1
  Sample: 04d8fd48d0eca936b08169690f737ae4_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 04d8fd48d0eca936b08169690f737ae4_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: mighty.j0h@yandex.com
Password: Prince11
Targets
Target: 04d8fd48d0eca936b08169690f737ae4_JaffaCakes118 (747KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext