General
-
Target
f935b6c7f24be477a23044fa9a9dc9a5_JaffaCakes118
-
Size
685KB
-
Sample
240419-by1b2sea3s
-
MD5
f935b6c7f24be477a23044fa9a9dc9a5
-
SHA1
e67fb9bcf9975e0c6c4122ec7b25e61de6d1ba24
-
SHA256
4827c1bdf5000cc8fc280fa631d36c752d0cdd7b0b357671ef1ebc46a11c440f
-
SHA512
4b9587402b0f2e99af2aeec67307db55c0323228b8e863506f52b7d8d612aa3fdef4104ded5f5adbff7c546a2e91f558c45080f45b80fbf51ee98baeefc9dd34
-
SSDEEP
12288:8Bszn2zd6HX+qs+WWhRmmXikb0iTvDcicTB4vs8w:2mnAd6OqszYRmsXb0iTrcVyvs8w
Static task
static1
Behavioral task
behavioral1
Sample
f935b6c7f24be477a23044fa9a9dc9a5_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f935b6c7f24be477a23044fa9a9dc9a5_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.karsanmax.com - Port:
587 - Username:
info@karsanmax.com - Password:
erk#bmc2007 - Email To:
ginzza.kw@gmail.com
Targets
-
-
Target
f935b6c7f24be477a23044fa9a9dc9a5_JaffaCakes118
-
Size
685KB
-
MD5
f935b6c7f24be477a23044fa9a9dc9a5
-
SHA1
e67fb9bcf9975e0c6c4122ec7b25e61de6d1ba24
-
SHA256
4827c1bdf5000cc8fc280fa631d36c752d0cdd7b0b357671ef1ebc46a11c440f
-
SHA512
4b9587402b0f2e99af2aeec67307db55c0323228b8e863506f52b7d8d612aa3fdef4104ded5f5adbff7c546a2e91f558c45080f45b80fbf51ee98baeefc9dd34
-
SSDEEP
12288:8Bszn2zd6HX+qs+WWhRmmXikb0iTvDcicTB4vs8w:2mnAd6OqszYRmsXb0iTrcVyvs8w
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-