General
Target: f7d523e122590530aede01448916e4cd_JaffaCakes118
Size: 1.1MB
Sample: 240418-mtrpwsca8x
MD5: f7d523e122590530aede01448916e4cd
SHA1: 2387ad67eea7eb202c900ae1a283abae7a0e4515
SHA256: b234fd2b368732a6c68a39b2d0c4386764e089a3f0bd74e595c73b40bc0c1c7d
SHA512: 68041d0b51299cbb16c75ebca5f99d212893d30f7792bb34d4624a0b75edba18e737459b73194e102caf3bde80e78876bd594bee8e23aa7bbfbf70236bd5c58f
SSDEEP: 24576:o48bLqjqfWg/dq64JadiezwCGRRDFP4sUmpSL:R8bIB64Ja1aGEp
Static task: static1
Behavioral task: behavioral1
  Sample: f7d523e122590530aede01448916e4cd_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f7d523e122590530aede01448916e4cd_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.rgp.com.pk
Port: 587
Username: [email protected]
Password: pvr999
Targets
Target: f7d523e122590530aede01448916e4cd_JaffaCakes118
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext