General
-
Target
13c300659a5ac464da6342c1a58fea3e_JaffaCakes118
-
Size
366KB
-
Sample
240329-aqsrkace6s
-
MD5
13c300659a5ac464da6342c1a58fea3e
-
SHA1
1d8a32e324ba6a74594162fa4f906c1ab5488c7a
-
SHA256
f519a7adeec97db32f536e9868c000842db13a165080a6f85a6d990c8e45dfb6
-
SHA512
55b1c4261310b8f9700016a0aa43b3a4b0e92278f264cf7afcc4ce45c222e1b9dd991a70c30904f4f3cc2f07f0f03f2b40c2b3914231e7cb2dcf061e52ca4727
-
SSDEEP
6144:MwHibQ+MkhBWTNGkGTRd8wFtzdwYEU4x53CCr0kYGbWJfXhUSAxm18yvVuLsBT:MsSBWAkGVdD7bqxYCAb20L
Static task
static1
Behavioral task
behavioral1
Sample
13c300659a5ac464da6342c1a58fea3e_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
13c300659a5ac464da6342c1a58fea3e_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.romanservices.ca/ - Port:
21 - Username:
cleaner@romanservices.ca - Password:
Kakata2928@
Targets
-
-
Target
13c300659a5ac464da6342c1a58fea3e_JaffaCakes118
-
Size
366KB
-
MD5
13c300659a5ac464da6342c1a58fea3e
-
SHA1
1d8a32e324ba6a74594162fa4f906c1ab5488c7a
-
SHA256
f519a7adeec97db32f536e9868c000842db13a165080a6f85a6d990c8e45dfb6
-
SHA512
55b1c4261310b8f9700016a0aa43b3a4b0e92278f264cf7afcc4ce45c222e1b9dd991a70c30904f4f3cc2f07f0f03f2b40c2b3914231e7cb2dcf061e52ca4727
-
SSDEEP
6144:MwHibQ+MkhBWTNGkGTRd8wFtzdwYEU4x53CCr0kYGbWJfXhUSAxm18yvVuLsBT:MsSBWAkGVdD7bqxYCAb20L
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-