General
-
Target
14780b5a751c81330858aa795b384be9_JaffaCakes118
-
Size
276KB
-
Sample
240329-bbdjrsdg97
-
MD5
14780b5a751c81330858aa795b384be9
-
SHA1
ea060b9e447d87cd2a8194c3110acfc2f0fb49dd
-
SHA256
7191bacce32bac868401f96bdcf0c59275951ba2ceabc27e295d3c9ccd9c0474
-
SHA512
bb1e2be739a2d08112dbd8d8e9d12628605d253deca7e9a4ce73e4575409f117bb4e813f9c5cd6931e8d4fe805b66d015d8172169ec880786a08cd55eaa3475e
-
SSDEEP
6144:wBlL/cP3WE4EA6OlIsGlQadt9DD1Fgww/4sy0+gA:CeP3a/+dt9DhFtZs1JA
Static task
static1
Behavioral task
behavioral1
Sample
14780b5a751c81330858aa795b384be9_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
14780b5a751c81330858aa795b384be9_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/nitltkq.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/nitltkq.dll
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
14780b5a751c81330858aa795b384be9_JaffaCakes118
-
Size
276KB
-
MD5
14780b5a751c81330858aa795b384be9
-
SHA1
ea060b9e447d87cd2a8194c3110acfc2f0fb49dd
-
SHA256
7191bacce32bac868401f96bdcf0c59275951ba2ceabc27e295d3c9ccd9c0474
-
SHA512
bb1e2be739a2d08112dbd8d8e9d12628605d253deca7e9a4ce73e4575409f117bb4e813f9c5cd6931e8d4fe805b66d015d8172169ec880786a08cd55eaa3475e
-
SSDEEP
6144:wBlL/cP3WE4EA6OlIsGlQadt9DD1Fgww/4sy0+gA:CeP3a/+dt9DhFtZs1JA
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/nitltkq.dll
-
Size
33KB
-
MD5
6af5e7b9a184d0be2697ce73e4785fe4
-
SHA1
2d3828288bd07abf1d44105fbbff2d3101fa40eb
-
SHA256
3cf2b5d1e973b29a24fb05f608046e483f008cd0861246bc6367c1507bb4a672
-
SHA512
33baa87d649f9eebd54c4aa9a75e5e4a6c9e36b5197ad4b6a757e8c1aa4810dd81a59d4cb64257a131892d725919ef8874f6c664d7f066878b4030338fc3dcf5
-
SSDEEP
384:A/o2SnW4B7jeRReTXIWD9Cc8NuYXAVckDLDll+RPaaWnktmdnZq4aIzeWU9ae77D:v2E9JjKPaaWktG81e9e/5ufbVW
Score3/10 -