General
Target: f8f98f53023a54e07d9bcefc0a6f7abc_JaffaCakes118
Size: 776KB
Sample: 240418-3bgd7sah6x
MD5: f8f98f53023a54e07d9bcefc0a6f7abc
SHA1: b242f3157035e56c76386486f3f39be7b61407b9
SHA256: 2edd587b9b24d398f0c9bc20fe7519a270ec43c5d55d2c489af92ab0bbf50097
SHA512: 219a4b6fb5262cc9e7fc9b0c7f2fce5bc9fdeeed91e864b54a47474f587df353dfa861ae37b69e2b9cfbd25b30c9c3929daf4a9b4147449a50610ad479c7e019
SSDEEP: 12288:lb0X34/4dZ/G/VOaSzO0LBeIqe4k10Yil6pOUmfi235bzIvyBC:FS4/AZ/G/VOa8O0VeS10UpBF23ZIaB
Static task: static1
Behavioral task: behavioral1
Sample: f8f98f53023a54e07d9bcefc0a6f7abc_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f8f98f53023a54e07d9bcefc0a6f7abc_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.atmmakina.com
Port: 587
Username: muhasebe@atmmakina.com
Password: Atm9990778atm
Email To: reportbox20@gmail.com
Targets
Target: f8f98f53023a54e07d9bcefc0a6f7abc_JaffaCakes118
Size: 776KB
MD5: f8f98f53023a54e07d9bcefc0a6f7abc
SHA1: b242f3157035e56c76386486f3f39be7b61407b9
SHA256: 2edd587b9b24d398f0c9bc20fe7519a270ec43c5d55d2c489af92ab0bbf50097
SHA512: 219a4b6fb5262cc9e7fc9b0c7f2fce5bc9fdeeed91e864b54a47474f587df353dfa861ae37b69e2b9cfbd25b30c9c3929daf4a9b4147449a50610ad479c7e019
SSDEEP: 12288:lb0X34/4dZ/G/VOaSzO0LBeIqe4k10Yil6pOUmfi235bzIvyBC:FS4/AZ/G/VOa8O0VeS10UpBF23ZIaB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext