General
- Target: f8c880aa9e2ba8c1f0d2f941f6b356e1_JaffaCakes118
- Size: 931KB
- Sample: 240418-1aeg4sfc85
- MD5: f8c880aa9e2ba8c1f0d2f941f6b356e1
- SHA1: 0f9575509bc065fa45fb4e728db714ac06afdb13
- SHA256: c2daf84195d96871eb23d702ee3f214992004edfbb1f06e8ac06bf94561497ca
- SHA512: 0ff47393421e88f1c3f4f41b80c35024495ea9fa10ce6aca4e151922319fef50717325ae54b50a0fc13a1abfc2ec477318d9337f2641f2e1f4045921057a98f8
- SSDEEP: 12288:RZwufiJXfXUykJcuCQPB6jLoHgUy7y1lDGeENM9yMvKULPuMysRwKDkaxqhETDlo:RhifHk0j8HgUy7y1lDj9iwPC5Mbxf
Static task: static1
Behavioral task: behavioral1
- Sample: f8c880aa9e2ba8c1f0d2f941f6b356e1_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: f8c880aa9e2ba8c1f0d2f941f6b356e1_JaffaCakes118.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: webmail.abuashara.com
- Port: 587
- Username: sales@abuashara.com
- Password: SE9769
- Email To: s.naydisi@gmail.com
Targets
- Target: f8c880aa9e2ba8c1f0d2f941f6b356e1_JaffaCakes118 (931KB; hashes as listed under General above)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext