General
-
Target
0a3c97908cb8e60ccc54adc3cafcbc90_JaffaCakes118
-
Size
1.2MB
-
Sample
240328-trc72sae4y
-
MD5
0a3c97908cb8e60ccc54adc3cafcbc90
-
SHA1
2bf7f6f9234dcd988f3325817a292fd733b031f6
-
SHA256
5c3eecd526f11750a1d184cb96d43897e711cf0ed6b179219f92f24b673847c8
-
SHA512
6a9f3b67e7f42c8c11ba4c5913fd2af19398dd9d3ce1e98d177c1eb83d6dafb642d9755c91610a9eeab328a3ab993988e6e0f97a29af46ca1bd98471bbc8c769
-
SSDEEP
24576:8KGHJkwmn9mDFNubiBLTQE4nV0WcrzRZ9aONUmJpkkw:X9iBLTosHf9aONUmJq
Static task
static1
Behavioral task
behavioral1
Sample
0a3c97908cb8e60ccc54adc3cafcbc90_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0a3c97908cb8e60ccc54adc3cafcbc90_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.acpl.net.in
Port: 587
Username: qcesd@acpl.net.in
Password: Hi~M)?*G~-Zd
Targets
-
-
Target
0a3c97908cb8e60ccc54adc3cafcbc90_JaffaCakes118
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext