General
Target: f864755d05b3d9441efbd0409bdfca5e_JaffaCakes118
Size: 815KB
Sample: 240418-ve5xzaaa44
MD5: f864755d05b3d9441efbd0409bdfca5e
SHA1: 43fec500d1215511c3c59b82f201d1f3bbcffe41
SHA256: e82f009d73a809db17278bed3321042f96868c0e6f287fbbdafd86f12952c879
SHA512: 1ff55f54ebed6333d7f945ff4d8f19383809999774418f1c8dd12a68faf4d378ce5653fb2d757200df06175528b44d7ab740b803281f90ff7dd13771af5c9ef7
SSDEEP: 12288:kwoR65AXwgFvuSSrsRH38ppIRF2pk7avd1UqsQa/+dhqwS9y5:HoR6qgGXIC2pkWjLs7/2hS9u
Static task: static1
Behavioral task: behavioral1
Sample: f864755d05b3d9441efbd0409bdfca5e_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: f864755d05b3d9441efbd0409bdfca5e_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: box5363.bluehost.com
Port: 587
Username: info@hajartrading.net
Password: Hajarbh@1993
Targets
Target: f864755d05b3d9441efbd0409bdfca5e_JaffaCakes118
Size: 815KB
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext