General
Target: e5b3fc8e7c159b836046b6f657179929_JaffaCakes118
Size: 489KB
Sample: 240407-ycm6xsce4s
MD5: e5b3fc8e7c159b836046b6f657179929
SHA1: 90a8ebb6a71a7b8462cfbf5ff7605bc66297c48e
SHA256: 73cefc887f0ab4d9e0269c527c1687e360493926bfb7ccc3a876b4bb19832b85
SHA512: 977613bb7d32ea91aaf8c2303ae25dbd2ea9ba18b5ceca68a014af2be261efc3330a6b48a24c7fbbd2f22a602d59af00abf81de37b613971d9f89d6902be3e01
SSDEEP: 6144:pqpaDiyDFrvC2uEXmoKpiTQfmlrnKdjkt1V3e+VEdC0cRm7+7nT3wJHWv2EvkWbm:pTDBNKEvKMnKdQPVxEdFcs1Ji7bTG
Static task: static1
Behavioral task: behavioral1
Sample: e5b3fc8e7c159b836046b6f657179929_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.bafaqroup.com
Port: 587
Username: [email protected]
Password: bs%K^dS2
Targets
Target: e5b3fc8e7c159b836046b6f657179929_JaffaCakes118
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- AgentTesla payload
- Suspicious use of SetThreadContext