General
- Target: a2c76f1d92fa89671867f90986a86a87_JaffaCakes118
- Size: 588KB
- Sample: 240403-wk9c1sgd5s
- MD5: a2c76f1d92fa89671867f90986a86a87
- SHA1: 856585e784b7280d136b8129553aa0ad92a8ea3d
- SHA256: 55aed03e89170a5d23ecff52a4f5a8ea81fa921aa37d19c3d807c7b2078cf3a2
- SHA512: 2532fb9a3a29e473d3b5d33eae522c075b5f4a9ab77f1e8937901834c0bfb9beaf1b1e0d3bb25d9fb0ffb3bfaf9b1b3c3c4dce64e2a9be1c8f309721c2d457f4
- SSDEEP: 12288:Z8fWn0aWPNi/NAGbVDajr/V6tvC69WIp8mle3PMH9snfp:ZAaVDE7yvCIG3PZ
Static task: static1
Behavioral task: behavioral1
- Sample: a2c76f1d92fa89671867f90986a86a87_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a2c76f1d92fa89671867f90986a86a87_JaffaCakes118.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
- Family: agenttesla
- C2: https://api.telegram.org/bot2046248941:AAG5Z0PyWwtApmPaysBm59voK10ec9Rgnaw/sendDocument (exfiltration over the Telegram Bot API; the string after /bot is the operator's bot token, the sendDocument method uploads the harvested data as a file)
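The extracted C2 above is enough to build a network detection for this exfiltration channel. The following is an added example, not part of the sandbox report: it splits a Telegram Bot API URL into bot id, secret and method, and runs that check over a handful of constructed proxy log lines (the five-column log format is an assumption made for the example; the only real value in it is the bot token from this report's config). It deliberately never contacts Telegram: the secret half of the token is a live credential to the operator's bot, so it is something to block and hunt on, not to query.

```python
"""Detection helper for the Telegram Bot API exfiltration channel used by this
AgentTesla sample.  Added example; it is not part of the sandbox report and
does not contact Telegram.  The log format and the log lines are constructed."""
import re
from urllib.parse import urlparse

# Telegram bot tokens are "<bot id>:<secret>": 8-10 digits, a colon and 35
# URL-safe characters.  Matching the Bot API path shape catches any bot, not
# only the one in this report's config.
TELEGRAM_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d{8,10}):(?P<secret>[A-Za-z0-9_-]{35})/(?P<method>[A-Za-z]+)$"
)

# Bot API methods that carry data out of the host (sendDocument is what this
# sample uses; the others are common in sibling configs).
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}


def parse_telegram_c2(url):
    """Split a Bot API URL into bot id, secret and method; None if it is not one."""
    u = urlparse(url)
    if u.scheme != "https" or (u.hostname or "").lower() != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_PATH.match(u.path)
    if not m:
        return None
    return {
        "bot_id": m["bot_id"],
        "secret": m["secret"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
    }


def scan_proxy_log(text):
    """Flag Telegram Bot API traffic in a constructed '<ts> <src> <verb> <target> <status>' log.

    Plaintext or TLS-inspected requests expose the full path and are matched on
    the token pattern (high when the method exfiltrates).  A bare CONNECT only
    exposes the host, so it is reported at medium confidence."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, verb, target, status = line.split()
        if verb == "CONNECT":
            host = target.rsplit(":", 1)[0].lower()
            if host == "api.telegram.org":
                findings.append({"ts": ts, "src": src, "severity": "medium",
                                 "reason": "TLS CONNECT to Telegram Bot API host; path not visible"})
            continue
        c2 = parse_telegram_c2(target)
        if c2 is None:
            continue
        findings.append({"ts": ts, "src": src,
                         "severity": "high" if c2["method"] in EXFIL_METHODS else "medium",
                         "bot_id": c2["bot_id"], "method": c2["method"],
                         "reason": f"Telegram Bot API {c2['method']} with bot token in URL"})
    return findings


# Constructed sample log lines; the token is the one from this report's config.
SAMPLE_PROXY_LOG = """\
2024-04-03T10:01:02Z 10.0.0.15 GET https://www.microsoft.com/ 200
2024-04-03T10:01:09Z 10.0.0.15 POST https://api.telegram.org/bot2046248941:AAG5Z0PyWwtApmPaysBm59voK10ec9Rgnaw/sendDocument 200
2024-04-03T10:02:30Z 10.0.0.22 CONNECT api.telegram.org:443 200
2024-04-03T10:03:00Z 10.0.0.31 GET https://api.telegram.org/bot123:short/getMe 404
"""

if __name__ == "__main__":
    for finding in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(finding)
```

The narrow IOC is the bot id 2046248941; the token regex is the general rule, and the CONNECT branch is there because most enterprise proxies will only ever see the host unless TLS inspection is in place. The last sample line shows a malformed bot path being ignored rather than guessed at.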
Targets
- Target: a2c76f1d92fa89671867f90986a86a87_JaffaCakes118 (588KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and credential stealer; early builds were written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP, an HTTP panel or, as in this sample, the Telegram Bot API.
- AgentTesla payload
- Accesses Microsoft Outlook profiles (the profile registry keys hold stored mail account settings and credentials)
- Suspicious use of SetThreadContext (rewriting another thread's context is how process hollowing and similar injection hand execution to an injected payload)