General
- Target: 20155e92f6a7a7763994226e11713552_JaffaCakes118
- Size: 355KB
- Sample: 240329-mx8sksga65
- MD5: 20155e92f6a7a7763994226e11713552
- SHA1: 40924207e867cf348592997149b3c4c09218913b
- SHA256: efe702eff8b1684d9a92b1a5f24e1f375033dd124e588ee30cc778adc16d76f1
- SHA512: 593cdb29c24e72818603dfbe367db4e85a6e5750309658cda0b3443b2b4a65188a51f83bac20089095cdd1400d032be1fa33937d52aeaaf468d53df834559191
- SSDEEP: 1536:EU00amxtg0natcmsqDifqO/vFHt543MCfj/gfj5wbQKKJskZguVeTY4+jUgRD4sL:NwG
Static task: static1
Behavioral task: behavioral1
- Sample: 20155e92f6a7a7763994226e11713552_JaffaCakes118.ps1
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 20155e92f6a7a7763994226e11713552_JaffaCakes118.ps1
- Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
http://103.125.190.248/j/p13n/mawa/b04042b22b2b6179257d.php
Targets
- Target: 20155e92f6a7a7763994226e11713552_JaffaCakes118
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext