General
-
Target
e837ba78eda076c383676dfdb9846d36_JaffaCakes118
-
Size
736KB
-
Sample
240408-x3pxrscg3x
-
MD5
e837ba78eda076c383676dfdb9846d36
-
SHA1
051b616366ae1b263cf3e4ce96bc07004469b383
-
SHA256
5baccdcd2956925b6280da41dbd94b190336e599b5f6f4bd1a1ed3d7ba9ca94a
-
SHA512
3997904dabd01f166c2338d59f4bdc012d4321dd3482ee867a4a86af6b701164a4a9c25fd634d376c961ecfbfc12ac867662358b7706180c9dee0c54713719f5
-
SSDEEP
12288:plkF+8T4iqLF5IDe5JX5VMm3hdCze1wiNYyAwdHh5rLiJgl2Kv:ph8TOF5IDe5Jp73Wzu6
Static task
static1
Behavioral task
behavioral1
Sample
e837ba78eda076c383676dfdb9846d36_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e837ba78eda076c383676dfdb9846d36_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.aivazibis.com - Port:
587 - Username:
[email protected] - Password:
kp@BFLC1
Targets
-
-
Target
e837ba78eda076c383676dfdb9846d36_JaffaCakes118
-
Size
736KB
-
MD5
e837ba78eda076c383676dfdb9846d36
-
SHA1
051b616366ae1b263cf3e4ce96bc07004469b383
-
SHA256
5baccdcd2956925b6280da41dbd94b190336e599b5f6f4bd1a1ed3d7ba9ca94a
-
SHA512
3997904dabd01f166c2338d59f4bdc012d4321dd3482ee867a4a86af6b701164a4a9c25fd634d376c961ecfbfc12ac867662358b7706180c9dee0c54713719f5
-
SSDEEP
12288:plkF+8T4iqLF5IDe5JX5VMm3hdCze1wiNYyAwdHh5rLiJgl2Kv:ph8TOF5IDe5Jp73Wzu6
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-