General
- Target: 0aa83d38a0a921f55fc7dfe5196ea0ba_JaffaCakes118
- Size: 388KB
- Sample: 240328-t34t5sbf57
- MD5: 0aa83d38a0a921f55fc7dfe5196ea0ba
- SHA1: f4a98f3ae0d72390e500cdbf03ce738f065e07e8
- SHA256: bab2c1d1ae18b242e7af227b02a909c9c46eb67723c76e7cd560b6cb3ad80907
- SHA512: dc93fd468a83e0f276c5aa6059c31be61afcb78a775313bf6d909c7444fd7f67e6aa1b76b61c8235cf3e229de76bdb51f65f149098306b62afc95cc993733922
- SSDEEP: 12288:90tbSBktjT9l6dUMNQUmoQZz++uDAGGWVG:2+Bk1T2HNhfay+usac
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 0aa83d38a0a921f55fc7dfe5196ea0ba_JaffaCakes118.exe
  - Resource: win7-20240221-en

Behavioral task
- behavioral2
  - Sample: 0aa83d38a0a921f55fc7dfe5196ea0ba_JaffaCakes118.exe
  - Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.timsonlogisticske.com
- Port: 587
- Username: info@timsonlogisticske.com
- Password: timsam2015
Targets
- Target: 0aa83d38a0a921f55fc7dfe5196ea0ba_JaffaCakes118
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext