General
- Target: 2010e737f4435fd3f46c0055ba44a73c_JaffaCakes118
- Size: 595KB
- Sample: 240329-mxbg3sfb3x
- MD5: 2010e737f4435fd3f46c0055ba44a73c
- SHA1: d04fde1d87cc96dcc16158d756a8a4f330a6e7bf
- SHA256: 3716f1103a0032113879b6ed4b8d705be19216257c345cda9e366e8d94559fa0
- SHA512: fb10989bee0ffe9508599bd9f2f697e486cce91f2a0e2c7de9f324788e58414467630a633a7fd3a2a2097c7c8fccb0e00224519fb0df15e462eb1fa49befe0b9
- SSDEEP: 12288:5ISAMSSBfjjgY0fy2EsteVNU/50CxFgjvXhH9PVA5saTYIIujjefgAAann:0yBfYpfd8Nq50CxKvn5aT7jyYa
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 2010e737f4435fd3f46c0055ba44a73c_JaffaCakes118.exe
  - Resource: win7-20240221-en

Behavioral task
- behavioral2
  - Sample: 2010e737f4435fd3f46c0055ba44a73c_JaffaCakes118.exe
  - Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.copangroup.xyz
- Port: 587
- Username: [email protected]
- Password: gibson.1990
Targets
- Target: 2010e737f4435fd3f46c0055ba44a73c_JaffaCakes118
- Size: 595KB
- MD5: 2010e737f4435fd3f46c0055ba44a73c
- SHA1: d04fde1d87cc96dcc16158d756a8a4f330a6e7bf
- SHA256: 3716f1103a0032113879b6ed4b8d705be19216257c345cda9e366e8d94559fa0
- SHA512: fb10989bee0ffe9508599bd9f2f697e486cce91f2a0e2c7de9f324788e58414467630a633a7fd3a2a2097c7c8fccb0e00224519fb0df15e462eb1fa49befe0b9
- SSDEEP: 12288:5ISAMSSBfjjgY0fy2EsteVNU/50CxFgjvXhH9PVA5saTYIIujjefgAAann:0yBfYpfd8Nq50CxKvn5aT7jyYa

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext