General

Target: 0a319fcaff75155af14b98f3292a1b1e_JaffaCakes118
Size: 447KB
Sample: 240328-tqaersae2y
MD5: 0a319fcaff75155af14b98f3292a1b1e
SHA1: 0a15198b36eea03b3bec2e599e8c5cc8830fc6b2
SHA256: 405b3676366ea03fa6a3673499137339c4abe643b9d73eb027bdd7bb255788de
SHA512: bb823d2659a8feb5cd9bbc89cbaea6734873772c848278a8599385983307c82802bfa5e56d1310475a5d1ad4db1c1f5f27d9c93ac37f470e80f9511613e29505
SSDEEP: 6144:G3kJbU1JhQdf/65DMXqCFdxTRHDiK4KhrR+gAj3dDpS3GsLl4hHJjvY:IebU1/oKHIdxTNV7b+gAjNDk3ziJjw
Static task: static1

Behavioral task: behavioral1
  Sample: 0a319fcaff75155af14b98f3292a1b1e_JaffaCakes118.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 0a319fcaff75155af14b98f3292a1b1e_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config

Extracted: agenttesla
  Protocol: smtp
  Host: smtp.privateemail.com
  Port: 587
  Username: ken@kengrouco.xyz
  Password: Everest10
Targets

Target: 0a319fcaff75155af14b98f3292a1b1e_JaffaCakes118
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext