General
-
Target
e7666b9120295666851ea1749699ab14_JaffaCakes118
-
Size
818KB
-
Sample
240408-n1q8dabg61
-
MD5
e7666b9120295666851ea1749699ab14
-
SHA1
8fb07dc7c409561deb52d06b57ad351ab858995c
-
SHA256
ef2dd9364aac91580b27b37735c1f1e885dd8edf3bbef2f0ac972d73799c0070
-
SHA512
19d8238bd8578c204ec72a001fb2f7a634ac40f7f591e99e0ccbf11ecbf74deb86d2f7dcb7a5989e613ea807cff3c47007551731f4400554eb9b8556e5a91b99
-
SSDEEP
12288:Ppxr4lsNOMIl6elGNc5c7QlG//Knd+iz8RJ5EzcKrNfASpiJ/rO2iN:Pfrtc5MQ6CdqRJ5EzcKrNfASw/rO1
Static task
static1
Behavioral task
behavioral1
Sample
e7666b9120295666851ea1749699ab14_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
e7666b9120295666851ea1749699ab14_JaffaCakes118.exe
Resource
win10v2004-20240319-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cairoshippinginternational.com - Port:
587 - Username:
[email protected] - Password:
NermoSamy@2006+ - Email To:
[email protected]
Targets
-
-
Target
e7666b9120295666851ea1749699ab14_JaffaCakes118
-
Size
818KB
-
MD5
e7666b9120295666851ea1749699ab14
-
SHA1
8fb07dc7c409561deb52d06b57ad351ab858995c
-
SHA256
ef2dd9364aac91580b27b37735c1f1e885dd8edf3bbef2f0ac972d73799c0070
-
SHA512
19d8238bd8578c204ec72a001fb2f7a634ac40f7f591e99e0ccbf11ecbf74deb86d2f7dcb7a5989e613ea807cff3c47007551731f4400554eb9b8556e5a91b99
-
SSDEEP
12288:Ppxr4lsNOMIl6elGNc5c7QlG//Knd+iz8RJ5EzcKrNfASpiJ/rO2iN:Pfrtc5MQ6CdqRJ5EzcKrNfASw/rO1
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-