General
-
Target
28a035971a05543b5d089a5fbb4093da_JaffaCakes118
-
Size
457KB
-
Sample
240329-wb3twaee82
-
MD5
28a035971a05543b5d089a5fbb4093da
-
SHA1
dff98a3bf2db10f7349af8d716cd5fcce288a026
-
SHA256
80c7c965b9fa6731d6fde32a8a2f9c03cfb13f7ff3eb68360adab6acf32ea4aa
-
SHA512
9a22b5e01a788f0655507f5fc6c7eb9d013fc812fd5a96a5688112b4f6f364cec1bf14ca9687ab595cf654fc41150c52dbb8ee6ce52a4d1631afb2217aeb803c
-
SSDEEP
12288:WepTHjsJ1MNKeRWVmEG+j4qY1ZkrSLgy/:TTDsYYeRWIJ1ZC/y/
Static task
static1
Behavioral task
behavioral1
Sample
28a035971a05543b5d089a5fbb4093da_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
28a035971a05543b5d089a5fbb4093da_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1968500169:AAHyFfTHMojfg0XGRFraaMexoQIFtILzuxU/sendDocument
Targets
-
-
Target
28a035971a05543b5d089a5fbb4093da_JaffaCakes118
-
Size
457KB
-
MD5
28a035971a05543b5d089a5fbb4093da
-
SHA1
dff98a3bf2db10f7349af8d716cd5fcce288a026
-
SHA256
80c7c965b9fa6731d6fde32a8a2f9c03cfb13f7ff3eb68360adab6acf32ea4aa
-
SHA512
9a22b5e01a788f0655507f5fc6c7eb9d013fc812fd5a96a5688112b4f6f364cec1bf14ca9687ab595cf654fc41150c52dbb8ee6ce52a4d1631afb2217aeb803c
-
SSDEEP
12288:WepTHjsJ1MNKeRWVmEG+j4qY1ZkrSLgy/:TTDsYYeRWIJ1ZC/y/
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-