General

Target: 238b3e158e08065f4ba27b587e50900c_JaffaCakes118
Size: 592KB
Sample: 240329-q2dd1sae42
MD5: 238b3e158e08065f4ba27b587e50900c
SHA1: afbad7f31509c093d1508c102e69973948f122a9
SHA256: ac5866f614b823da9be6ee38aabad18d3c4ccac441ff22c833d6c0957f72ba8b
SHA512: a55ab212c8581e9536be7eb337cd87bb4ee89440fa10ac8a41d7f612e4fac0411463f364872b2dfa8ae8159d84c99b7f17c6efded36201692b9d7cbeeee59287
SSDEEP: 12288:YhvWUmKqcWnS2hKsV1CHanXEHT5aRAnDSYZQz90:EuUmKqcmUfOpfz9
Static task: static1

Behavioral task: behavioral1
  Sample: 238b3e158e08065f4ba27b587e50900c_JaffaCakes118.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 238b3e158e08065f4ba27b587e50900c_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.scahe.co.in
Port: 587
Username: [email protected]
Password: scaheavy@12345
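Added example, not part of the sandbox report: the extracted SMTP exfiltration settings turned into a small network detection and run over constructed DNS and connection log lines. Only the host and port come from the config above; the log line formats, client addresses and timestamps are assumptions made for the example, and the mailbox name, which is obscured on the report page, is not used.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Indicators taken from the sandbox-extracted AgentTesla config in this report.
# The mailbox user name is obscured on the report page, so host and port are
# the only network indicators used here.
EXFIL_HOST = "mail.scahe.co.in"
EXFIL_PORT = 587  # SMTP submission port the sample was configured to use


@dataclass
class Hit:
    line_no: int
    src: str       # client that looked up or connected to the exfil host
    severity: str  # "high" for SMTP to the configured port, else "medium"
    reason: str


# Assumed log line formats (constructed for this example, not from the report):
#   <ts> dns client=<ip> query=<name>
#   <ts> conn client=<ip> dst=<host>:<port> proto=tcp
DNS_RE = re.compile(r"\bdns client=(?P<src>\S+) query=(?P<name>\S+)")
CONN_RE = re.compile(r"\bconn client=(?P<src>\S+) dst=(?P<dst>[^:\s]+):(?P<port>\d+)")


def _norm(name: str) -> str:
    # Lower-case and strip a trailing dot so "MAIL.SCAHE.CO.IN." still matches.
    return name.rstrip(".").lower()


def scan_lines(lines: Iterable[str]) -> List[Hit]:
    """Flag DNS lookups of, and connections to, the configured exfil host."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        m = DNS_RE.search(line)
        if m:
            if _norm(m.group("name")) == EXFIL_HOST:
                hits.append(Hit(n, m.group("src"), "medium",
                                f"DNS lookup of AgentTesla exfil host {EXFIL_HOST}"))
            continue
        m = CONN_RE.search(line)
        if m and _norm(m.group("dst")) == EXFIL_HOST:
            port = int(m.group("port"))
            if port == EXFIL_PORT:
                hits.append(Hit(n, m.group("src"), "high",
                                f"SMTP submission to {EXFIL_HOST}:{port}, matches extracted config"))
            else:
                hits.append(Hit(n, m.group("src"), "medium",
                                f"connection to {EXFIL_HOST}:{port}, port differs from extracted config"))
    return hits


def suspected_clients(hits: Iterable[Hit]) -> List[str]:
    """Distinct source hosts that touched the exfil host, for triage and containment."""
    return sorted({h.src for h in hits})


# Constructed sample log (timestamps and addresses are made up for this example).
SAMPLE_LOG = [
    "2024-03-29T10:01:02Z dns client=10.0.0.15 query=www.example.com",
    "2024-03-29T10:01:05Z dns client=10.0.0.15 query=mail.scahe.co.in.",
    "2024-03-29T10:01:06Z conn client=10.0.0.15 dst=mail.scahe.co.in:587 proto=tcp",
    "2024-03-29T10:02:00Z conn client=10.0.0.22 dst=smtp.office365.com:587 proto=tcp",
    "2024-03-29T10:03:00Z conn client=10.0.0.31 dst=MAIL.SCAHE.CO.IN:25 proto=tcp",
]

if __name__ == "__main__":
    for h in scan_lines(SAMPLE_LOG):
        print(f"line {h.line_no} [{h.severity}] {h.src}: {h.reason}")
    print("suspected clients:", suspected_clients(scan_lines(SAMPLE_LOG)))
```

A connection to the host on a port other than 587 is still flagged, at lower severity, because the extracted config names that port specifically but the operator can change it between builds. The account name and password are more useful for asking the mail provider to disable the mailbox than as network signatures.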
Targets

Target: 238b3e158e08065f4ba27b587e50900c_JaffaCakes118
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer written in Visual Basic .NET; this sample's extracted configuration exfiltrates over SMTP.

Signatures:
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles (stored mail account credentials are a standard AgentTesla harvesting target)
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and thread hijacking to run the payload inside another process)