General
-
Target
0edf722f4870552e4d353492c0dc124d_JaffaCakes118
-
Size
629KB
-
Sample
240328-ythyjaga59
-
MD5
0edf722f4870552e4d353492c0dc124d
-
SHA1
3dde0ae1a64cf262ee265d4ccfa07f4bd9b3a40f
-
SHA256
1984e19ba7d38230238171cf956907134269323cbead0eaf3c2282506f950d95
-
SHA512
8d6f9c1b64e02e768289e11b76dff1853f9708fd8e0c1f433baeb4fcca3fb4321869fb33e20b964dbc011bcb6da47b38d618d628f4d82bc54b5687425be4ec4f
-
SSDEEP
6144:6h2cw7aeutHDtYHyVgTbIATfvDTsc9RI81J53MM/71ikipmW6EMccfE:6Mc7eutj2HShA58MTYcWJcM
Static task
static1
Behavioral task
behavioral1
Sample
0edf722f4870552e4d353492c0dc124d_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0edf722f4870552e4d353492c0dc124d_JaffaCakes118.exe
Resource
win10v2004-20240319-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.tniexpressworldwide.com - Port:
587 - Username:
nicole@tniexpressworldwide.com - Password:
DeEPFYi3
Targets
-
-
Target
0edf722f4870552e4d353492c0dc124d_JaffaCakes118
-
Size
629KB
-
MD5
0edf722f4870552e4d353492c0dc124d
-
SHA1
3dde0ae1a64cf262ee265d4ccfa07f4bd9b3a40f
-
SHA256
1984e19ba7d38230238171cf956907134269323cbead0eaf3c2282506f950d95
-
SHA512
8d6f9c1b64e02e768289e11b76dff1853f9708fd8e0c1f433baeb4fcca3fb4321869fb33e20b964dbc011bcb6da47b38d618d628f4d82bc54b5687425be4ec4f
-
SSDEEP
6144:6h2cw7aeutHDtYHyVgTbIATfvDTsc9RI81J53MM/71ikipmW6EMccfE:6Mc7eutj2HShA58MTYcWJcM
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-