General
-
Target
f8e5bd6d2898a8c9b1f3867f9e58f071_JaffaCakes118
-
Size
629KB
-
Sample
240418-2hn7ysgg66
-
MD5
f8e5bd6d2898a8c9b1f3867f9e58f071
-
SHA1
fc3a9d8378897fff804728f7869402fef37c9866
-
SHA256
34a45adbca858232e7f3879181c78df27ea6989eac566f971ab5437a7d86dcdc
-
SHA512
990f966db11a2a62824c56603bf1f945e2ac1d58dd8461f6ac540c7d13c89b1f9abcf49cba3642de192fd8f0fae6e85ad147f04347f365afc503046cd71fdac9
-
SSDEEP
12288:RYNNqWjk/9xft2k+uw7od4UNlIkYutjVBy37D/ViXj9tYkCbp:iNfk/9xEkvwT6GkYutRBKAj9mkCbp
Behavioral task
behavioral1
Sample
f8e5bd6d2898a8c9b1f3867f9e58f071_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
f8e5bd6d2898a8c9b1f3867f9e58f071_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1728790391:AAGzyc8dIVEVbURhCAMFPa0FGpI3HdqfdEc/sendDocument
Targets
-
-
Target
f8e5bd6d2898a8c9b1f3867f9e58f071_JaffaCakes118
-
Size
629KB
-
MD5
f8e5bd6d2898a8c9b1f3867f9e58f071
-
SHA1
fc3a9d8378897fff804728f7869402fef37c9866
-
SHA256
34a45adbca858232e7f3879181c78df27ea6989eac566f971ab5437a7d86dcdc
-
SHA512
990f966db11a2a62824c56603bf1f945e2ac1d58dd8461f6ac540c7d13c89b1f9abcf49cba3642de192fd8f0fae6e85ad147f04347f365afc503046cd71fdac9
-
SSDEEP
12288:RYNNqWjk/9xft2k+uw7od4UNlIkYutjVBy37D/ViXj9tYkCbp:iNfk/9xEkvwT6GkYutRBKAj9mkCbp
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-