General
-
Target
1188574f43ab4949dbc23b2b0c358c64_JaffaCakes118
-
Size
659KB
-
Sample
240504-ffx67age76
-
MD5
1188574f43ab4949dbc23b2b0c358c64
-
SHA1
71fccbdd47f6285899cf45e0ba5d532490caa8ba
-
SHA256
0a5a8423274bf1f4ba1b90b99ef3efdadcb5459a519c47dc6ebb97a2065ead4c
-
SHA512
93cf09dd8efbcbb353d68f0b049fca2df8f52c13a23847de24049680dcc5bd46185870db098d2c5a283a1b4f4d2a7165a3f4304c2f77447b8bb34eff8a24c723
-
SSDEEP
6144:2NZuc+lNVaQsebRFxlh9jwrp5aTvAgT4RS3eATXModewM9O7vGmcqebCa3ems9t:2j+paxO8rSTmk3eA79s9yebCm
Behavioral task
behavioral1
Sample
1188574f43ab4949dbc23b2b0c358c64_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1188574f43ab4949dbc23b2b0c358c64_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
Target
1188574f43ab4949dbc23b2b0c358c64_JaffaCakes118
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-