General
Target: 165aa905981301839ab3707a6aff8103_JaffaCakes118
Size: 459KB
Sample: 240329-c4p9psff2t
MD5: 165aa905981301839ab3707a6aff8103
SHA1: 2e998404e149b9f7a652ecd0ddb9ace7a787f7b8
SHA256: 313ecfc83dfd696344b0492c40c106b7ee33d06f3dfdac17200864e8214cb5bb
SHA512: 49728df28a5d0d87414835e8d197ba36254834a61f21d53af9377cbf36db9c1574541b29d772bfbd0c435753ff30ee29e195fe34fc9445422d5e91a85d77f9f4
SSDEEP: 6144:ZE500zV6Lfl+RQmsaGSHHdivSHwm5CZq2AnK+LDqf7Q/ZRk0LLzQ8AJYk:C5jkrwPlGM9ivSHv52+qDQDzRk
Static task: static1
Behavioral task: behavioral1
  Sample: 165aa905981301839ab3707a6aff8103_JaffaCakes118.exe
  Resource: win7-20240319-en
Behavioral task: behavioral2
  Sample: 165aa905981301839ab3707a6aff8103_JaffaCakes118.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.w2opt.com
  Port: 587
  Username: [email protected]
  Password: wTwo@2018
  Email To: [email protected]
Targets
Target: 165aa905981301839ab3707a6aff8103_JaffaCakes118
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Suspicious use of SetThreadContext