General
- Target: db9e907ff9ba826d2060d89960d856c4_JaffaCakes118
- Size: 970KB
- Sample: 240406-fd2rlaah9z
- MD5: db9e907ff9ba826d2060d89960d856c4
- SHA1: f7102a067489427569423393937c5196eb0dd61e
- SHA256: 6b283788926bb1299ebd19f0ca9326e7f9385d9c45165bf9344a8fdb4bedcc75
- SHA512: 8aea86d6ce062a2b85319ce175a84502376ebd82619d4eba2a6ba2bcc9e42b4fca35bfb657cebe9b9866f798cb337f76064de949894a0286273d43776c420429
- SSDEEP: 24576:v5PC7zJ/zJqzJ14TZEy8loWlvarBqKeEZ:v5PCrK7lvKqxEZ
Static task: static1
Behavioral task: behavioral1
- Sample: db9e907ff9ba826d2060d89960d856c4_JaffaCakes118.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: db9e907ff9ba826d2060d89960d856c4_JaffaCakes118.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.titan.email
- Port: 587
- Username: [email protected]
- Password: goodluck4REAL
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext