General
Target: eb4412b32b90cbff3cff3a2762623f9c_JaffaCakes118
Size: 499KB
Sample: 240410-rn7w5sea4v
MD5: eb4412b32b90cbff3cff3a2762623f9c
SHA1: 5071ad5d98932f0bc81584ce9500efe361166efd
SHA256: 12c620e143987ad28fe072cdd8dfc5b0e2cde3492cae25168e13435463323d18
SHA512: 016bcf96a4645cc25a31dd996f4c7021cf847498398cfe7c4761a7c4c34ff391b7fcd567ad032483d6f292d59945c41821536cfb75feccbd29e838c88cb6b0fd
SSDEEP: 12288:ic4hbmOwD71tJha6QSGUsy7Se75DdWT7/:b8bmOKhtPUUbSW5DdG7
Static task: static1
Behavioral task: behavioral1
Sample: eb4412b32b90cbff3cff3a2762623f9c_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.videoalliance.ru/
Port: 21
Username: [email protected]
Password: xq0~K^xsfq08
Targets
Target: eb4412b32b90cbff3cff3a2762623f9c_JaffaCakes118
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext