General
-
Target
38fbd4445e816126a0c9e89c7599db66_JaffaCakes118
-
Size
430KB
-
Sample
240330-lbyvtada65
-
MD5
38fbd4445e816126a0c9e89c7599db66
-
SHA1
7afc72c4b8d115584fa414db680a5bab59800874
-
SHA256
8fadb4f26f66b5d6892f6fec0165feb246165af1d43f1a87881169c716da742e
-
SHA512
b6b3128315217e5f9f9ce11b2efc4807b087c03618ebc78e721722d1cbf8b18a4ff35697c003c09ce6fea8db4b099b4f54b8036eb084a0cb49ce1d2c96e4170a
-
SSDEEP
12288:ya4+8evo4AYaqE+31zSscn9veDkBwZtX:a+7vo0pVCleDO85
Static task
static1
Behavioral task
behavioral1
Sample
38fbd4445e816126a0c9e89c7599db66_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
38fbd4445e816126a0c9e89c7599db66_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.medtec-germany.com - Port:
587 - Username:
[email protected] - Password:
vfPjbzH2
Targets
-
-
Target
38fbd4445e816126a0c9e89c7599db66_JaffaCakes118
-
Size
430KB
-
MD5
38fbd4445e816126a0c9e89c7599db66
-
SHA1
7afc72c4b8d115584fa414db680a5bab59800874
-
SHA256
8fadb4f26f66b5d6892f6fec0165feb246165af1d43f1a87881169c716da742e
-
SHA512
b6b3128315217e5f9f9ce11b2efc4807b087c03618ebc78e721722d1cbf8b18a4ff35697c003c09ce6fea8db4b099b4f54b8036eb084a0cb49ce1d2c96e4170a
-
SSDEEP
12288:ya4+8evo4AYaqE+31zSscn9veDkBwZtX:a+7vo0pVCleDO85
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-