General
-
Target
338a2590962fb66ab7a2d4436c3100f8_JaffaCakes118
-
Size
756KB
-
Sample
240330-e133hagg6v
-
MD5
338a2590962fb66ab7a2d4436c3100f8
-
SHA1
970fe9b649285cf8adfd10d42a1e06cda73b3982
-
SHA256
d4d0017b7ee338ad4c3ae0a6b9e61ed2ecb4279c1b30bd636eec2e924450bad7
-
SHA512
b88b4653c76f817388df4d1306905e96c6b6797d1d999e5a18c570c1536735bbc60ef4a34e533e061f85453bb701561207654b571be86d4ae09eddddf571b6e9
-
SSDEEP
12288:VPLTrMosq9TjxTp7+R3/pMOu3thdQrZyuwz2d:pLTrv9eR3h+
Static task
static1
Behavioral task
behavioral1
Sample
338a2590962fb66ab7a2d4436c3100f8_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
338a2590962fb66ab7a2d4436c3100f8_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
Prince11
Targets
-
-
Target
338a2590962fb66ab7a2d4436c3100f8_JaffaCakes118
-
Size
756KB
-
MD5
338a2590962fb66ab7a2d4436c3100f8
-
SHA1
970fe9b649285cf8adfd10d42a1e06cda73b3982
-
SHA256
d4d0017b7ee338ad4c3ae0a6b9e61ed2ecb4279c1b30bd636eec2e924450bad7
-
SHA512
b88b4653c76f817388df4d1306905e96c6b6797d1d999e5a18c570c1536735bbc60ef4a34e533e061f85453bb701561207654b571be86d4ae09eddddf571b6e9
-
SSDEEP
12288:VPLTrMosq9TjxTp7+R3/pMOu3thdQrZyuwz2d:pLTrv9eR3h+
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-