General

Target: 214314acb198f14903fb16538450fe69_JaffaCakes118
Size: 274KB
Sample: 240329-n1rtxagh38
MD5: 214314acb198f14903fb16538450fe69
SHA1: d28b62d92aa73da2662f52a20ecb896fbf248806
SHA256: fa708dbd323666bef72779702e67ea18192727f8d881ed8cd295619b892e6f1b
SHA512: c6a578141238fc0ebeba108f4c325b4d6fa1d2ab37304281253e94f4d7927ebb22fab5bcd411688feed159f57bd5a2cbebcf0200f1e5d29b773392e9be4523b8
SSDEEP: 6144:wBlL/cjLlGE+pbaB4HFr0l0nBE+3Vn/hNWX+qkP8ySQQe0O:Ce0Eibgoe0nZ3VnJc91O
Static task
static1

Behavioral tasks
behavioral1: 214314acb198f14903fb16538450fe69_JaffaCakes118.exe (resource win7-20240215-en)
behavioral2: 214314acb198f14903fb16538450fe69_JaffaCakes118.exe (resource win10v2004-20240226-en)
behavioral3: $PLUGINSDIR/oaolxjpjc.dll (resource win7-20240221-en)
behavioral4: $PLUGINSDIR/oaolxjpjc.dll (resource win10v2004-20240226-en)
Malware Config

Targets

Target: 214314acb198f14903fb16538450fe69_JaffaCakes118
Size: 274KB
MD5: 214314acb198f14903fb16538450fe69
SHA1: d28b62d92aa73da2662f52a20ecb896fbf248806
SHA256: fa708dbd323666bef72779702e67ea18192727f8d881ed8cd295619b892e6f1b
SHA512: c6a578141238fc0ebeba108f4c325b4d6fa1d2ab37304281253e94f4d7927ebb22fab5bcd411688feed159f57bd5a2cbebcf0200f1e5d29b773392e9be4523b8
SSDEEP: 6144:wBlL/cjLlGE+pbaB4HFr0l0nBE+3Vn/hNWX+qkP8ySQQe0O:Ce0Eibgoe0nZ3VnJc91O
Family: AgentTesla. Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer written in Visual Basic .NET.
Signatures:
  AgentTesla payload
  Loads dropped DLL
  Accesses Microsoft Outlook profiles
  Suspicious use of SetThreadContext

Target: $PLUGINSDIR/oaolxjpjc.dll ($PLUGINSDIR is the temporary plugin directory NSIS installers extract into, so the parent sample is an NSIS-packaged installer that drops this DLL at run time)
Size: 26KB
MD5: fb556c16d4ab04252f71268c986a5c43
SHA1: 5d8857c0fa4543642286072337af96d8374494a9
SHA256: 7c818c689d9194c90a1ecdd7838cd59ff216971cad20caf8e091d9fa48c7f3fe
SHA512: adbfaf25b5937b934dc920436492faab186f0d5a64a57cb027da88a2c9fb4c8b65740713ff232400a908729ae4a48360a2ba79cce86237b9a79d2a1d840d7fc6
SSDEEP: 384:c7QyMXLM36Y6rHgIM16z5o8r3MuCjswdAKkmwX:cEBLCUDk165BmJdAKkP
Family: AgentTesla (described above)
Signatures:
  AgentTesla payload
  Accesses Microsoft Outlook profiles
  Suspicious use of SetThreadContext
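The two behavioural signatures attached to both targets, "Suspicious use of SetThreadContext" and "Accesses Microsoft Outlook profiles", are rules a sandbox applies to its API trace. As an added example that is not the sandbox's own code and not data from this report, the Python below applies equivalent rules to a constructed trace. The line format (pid|api|key=value ...), the process IDs, handles and file paths are all invented; the call sequence it looks for (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext, ResumeThread) is the generic process-hollowing pattern that a SetThreadContext signature is meant to surface, not something this report itself shows. A lone SetThreadContext without a prior remote write, as a debugger would issue, deliberately does not fire.

```python
"""Toy trace analyser for 'Suspicious use of SetThreadContext' and
'Accesses Microsoft Outlook profiles'.

The trace format (pid|api|key=value ...) is a constructed stand-in for a
sandbox API log, not any real sandbox's output format.
"""
import re
from dataclasses import dataclass

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Ordered calls that make up the hollowing pattern the SetThreadContext
# signature targets: create a suspended child, write into it, patch its
# thread context, resume it. Prefix match, so CreateProcessW/A both count.
HOLLOW_SEQUENCE = ("CreateProcess", "WriteProcessMemory",
                   "SetThreadContext", "ResumeThread")

# Registry locations where Outlook keeps account profiles (and stored
# credentials): Office\<ver>\Outlook\Profiles for Outlook 2013 and later,
# and the older Windows Messaging Subsystem\Profiles key.
OUTLOOK_PROFILES_RE = re.compile(
    r"(Office\\\d+\.\d+\\Outlook|Windows Messaging Subsystem)\\Profiles", re.I)

# key=value pairs whose values may themselves contain spaces (registry paths).
ARG_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


@dataclass
class Finding:
    pid: int
    rule: str
    detail: str


def parse_line(line: str):
    """Split 'pid|api|k=v k=v' into (pid, api, {k: v})."""
    pid, api, args = line.split("|", 2)
    return int(pid), api, dict(ARG_RE.findall(args))


def analyze(trace_lines):
    findings = []
    progress = {}  # pid -> how far along HOLLOW_SEQUENCE that process is
    for line in trace_lines:
        pid, api, kv = parse_line(line)

        # Rule 1: SetThreadContext only counts inside the hollowing sequence,
        # so a debugger-style call on its own does not fire. Unrelated calls
        # in between (e.g. NtUnmapViewOfSection) do not reset the state.
        step = progress.get(pid, 0)
        if api.startswith(HOLLOW_SEQUENCE[step]):
            if step == 0:
                flags = int(kv.get("dwCreationFlags", "0"), 16)
                if flags & CREATE_SUSPENDED:
                    progress[pid] = 1
            else:
                progress[pid] = step + 1
                if progress[pid] == len(HOLLOW_SEQUENCE):
                    findings.append(Finding(
                        pid, "Suspicious use of SetThreadContext",
                        "suspended child written to, context patched, then resumed"))
                    progress[pid] = 0

        # Rule 2: any registry open/query under an Outlook profile key.
        if api.startswith(("RegOpenKey", "RegQueryValue", "NtOpenKey")):
            path = kv.get("lpSubKey") or kv.get("ObjectName", "")
            if OUTLOOK_PROFILES_RE.search(path):
                findings.append(Finding(pid, "Accesses Microsoft Outlook profiles", path))
    return findings


SAMPLE_TRACE = [  # constructed input; pids, handles and paths are invented
    "3001|OpenThread|dwThreadId=4411",
    "3001|SetThreadContext|hThread=0x88",  # no remote write before it: benign
    "4120|CreateProcessW|lpApplicationName=C:\\Example\\host.exe dwCreationFlags=0x4 dwProcessId=5220",
    "4120|NtUnmapViewOfSection|hProcess=0x1a0",
    "4120|WriteProcessMemory|hProcess=0x1a0 lpBaseAddress=0x400000 nSize=0x2a000",
    "4120|SetThreadContext|hThread=0x1a4",
    "4120|ResumeThread|hThread=0x1a4",
    "5220|RegOpenKeyExW|hKey=HKEY_CURRENT_USER lpSubKey=Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook",
    "5220|RegOpenKeyExW|hKey=HKEY_CURRENT_USER lpSubKey=Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles",
    "5220|RegOpenKeyExW|hKey=HKEY_LOCAL_MACHINE lpSubKey=SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_TRACE):
        print(f"pid {f.pid}: {f.rule} ({f.detail})")
```

Run stand-alone it reports one SetThreadContext finding for pid 4120 and two Outlook-profile findings for the child pid 5220; the debugger-style pid 3001 and the unrelated HKLM key stay quiet. The state machine is per parent process and keyed on call order only; a production rule would also tie WriteProcessMemory and SetThreadContext to the same child handle, which this constructed format does not carry.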