General
-
Target
19ed94f5448950a9d5bcd63228a635b3_JaffaCakes118
-
Size
395KB
-
Sample
240329-gdbqvabf62
-
MD5
19ed94f5448950a9d5bcd63228a635b3
-
SHA1
e7a88d2e71f82ac41195e766a47d1b9fd497ffd1
-
SHA256
057d53666aa40a761b4b096b884862cc108552bcb3a46bc92af7033e720612df
-
SHA512
036b3736308545aea0d341c1c2ccd7156ac5ba37f9f8fe442104d814c145022f715b6b0fa126a76e1f6bc80119486091b7b85b1ccdc7284544a90057451e3333
-
SSDEEP
12288:tesvMU9Rthob6zMoqin2cQ5T6MQkMi0oJR4QuNzC:tXMUAazyTVQJi00vV
Static task
static1
Behavioral task
behavioral1
Sample
19ed94f5448950a9d5bcd63228a635b3_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
19ed94f5448950a9d5bcd63228a635b3_JaffaCakes118.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
sg2plcpnl0023.prod.sin2.secureserver.net - Port:
587 - Username:
[email protected] - Password:
User@40378
Targets
-
-
Target
19ed94f5448950a9d5bcd63228a635b3_JaffaCakes118
-
Size
395KB
-
MD5
19ed94f5448950a9d5bcd63228a635b3
-
SHA1
e7a88d2e71f82ac41195e766a47d1b9fd497ffd1
-
SHA256
057d53666aa40a761b4b096b884862cc108552bcb3a46bc92af7033e720612df
-
SHA512
036b3736308545aea0d341c1c2ccd7156ac5ba37f9f8fe442104d814c145022f715b6b0fa126a76e1f6bc80119486091b7b85b1ccdc7284544a90057451e3333
-
SSDEEP
12288:tesvMU9Rthob6zMoqin2cQ5T6MQkMi0oJR4QuNzC:tXMUAazyTVQJi00vV
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-