General
- Target: 017a0af602d1adf6f71d6f6b3bb3a463_JaffaCakes118
- Size: 2.0MB
- Sample: 240426-xzmm8sac99
- MD5: 017a0af602d1adf6f71d6f6b3bb3a463
- SHA1: 63495c0f47d6db365c5be730d4e5ba9013cd69e8
- SHA256: 262955fc01876ea720101079d1783d6cb4da1a8194d05f90317fdbef0d1f507d
- SHA512: df8f696ac26fb28152de5be69feda90e80ee5a4e0ab14b46857e89d3a619ad686e468b8bccd084efc3275d4fa1791376946be3fbb8854de2902ced955ffb8129
- SSDEEP: 49152:Vu0c++OCvkGs9Fa6yaG3XCG9sLVEByR/bh5qYQ8GI3InY:wB3vkJ96X3Xp9sOebvqN8Gyw
Static task: static1

Behavioral task: behavioral1
- Sample: 017a0af602d1adf6f71d6f6b3bb3a463_JaffaCakes118.exe
- Resource: win7-20240419-en

Behavioral task: behavioral2
- Sample: 017a0af602d1adf6f71d6f6b3bb3a463_JaffaCakes118.exe
- Resource: win10v2004-20240426-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.ociii.net
- Port: 587
- Username: cdiaz@ociii.net
- Password: ojuks4421132
Targets
- Target: 017a0af602d1adf6f71d6f6b3bb3a463_JaffaCakes118
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext