General
-
Target
2792a51515f062bccad04a227e469c47_JaffaCakes118
-
Size
569KB
-
Sample
240329-vgkptade69
-
MD5
2792a51515f062bccad04a227e469c47
-
SHA1
54bf03bd7abce73a15fe3dba5fd7880e9e9e128c
-
SHA256
8e983c2f83998d2c4578abe1bbfb0f36e0131019de8af8a62948f4fc5c7da7f9
-
SHA512
0a33f7da9b05f22755c1c3c8ab0d46116101a2ac296628c5129f54f3d066fa090ce115f4f6700461b6232e6a82d739bcb51ba2bacf1e3332634618b1b08f0a96
-
SSDEEP
12288:YVbiMAyNPz6Ne+vWfA/08BKbwkH0KjUs3E3r8TcKq8jsOSB:0+FlNe+vWJ8BcH0Ds8iM8YTB
Static task
static1
Behavioral task
behavioral1
Sample
2792a51515f062bccad04a227e469c47_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2792a51515f062bccad04a227e469c47_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol
smtp
-
Host
mail.upgcambodia.com
-
Port
587
-
Username
[email protected]
-
Password
stock3168
Targets
-
Target
2792a51515f062bccad04a227e469c47_JaffaCakes118
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-