General
- Target: f808d1fe0406d1f118f1d5bfc312b0a7_JaffaCakes118
- Size: 844KB
- Sample: 240418-p5f4mseg7s
- MD5: f808d1fe0406d1f118f1d5bfc312b0a7
- SHA1: 1004d0ec9e9224216073c2a1ab254ad4bcaea2e9
- SHA256: b67c98d61821c20cee68007e1c4dedcc40faae142361866e2340bba3c55f7b96
- SHA512: dc298b0564134cc2c5743b43b2ae494bdb90686ac23e2ae8a0bda197f8bdb22178f548d6b3efd02e6ecabca5c4e712c4a9ae49847bfb62de324971ad20774b1d
- SSDEEP: 24576:nGPdnVamxuT7V11u14tlz3Vby3FtfnVN:nMdnVaQp14tlz3Vby3FtfnVN
Static task: static1
Behavioral task: behavioral1
- Sample: f808d1fe0406d1f118f1d5bfc312b0a7_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: f808d1fe0406d1f118f1d5bfc312b0a7_JaffaCakes118.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.unalanguvenlik.com
- Port: 587
- Username: david.b@unalanguvenlik.com
- Password: selection2018
Targets
- Target: f808d1fe0406d1f118f1d5bfc312b0a7_JaffaCakes118
- Size: 844KB
- MD5: f808d1fe0406d1f118f1d5bfc312b0a7
- SHA1: 1004d0ec9e9224216073c2a1ab254ad4bcaea2e9
- SHA256: b67c98d61821c20cee68007e1c4dedcc40faae142361866e2340bba3c55f7b96
- SHA512: dc298b0564134cc2c5743b43b2ae494bdb90686ac23e2ae8a0bda197f8bdb22178f548d6b3efd02e6ecabca5c4e712c4a9ae49847bfb62de324971ad20774b1d
- SSDEEP: 24576:nGPdnVamxuT7V11u14tlz3Vby3FtfnVN:nMdnVaQp14tlz3Vby3FtfnVN
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext