Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
48fbf3b3e6c295d69f79f7efbe62cacc_JaffaCakes118
-
Size
537KB
-
Sample
240516-b37a6aeh65
-
MD5
48fbf3b3e6c295d69f79f7efbe62cacc
-
SHA1
0c214f6f4d78c3366d91acd70b5dced8bf5ae27d
-
SHA256
2434b60331e372fc347f46ac1ede21a078fc11ddea75c52679ab4c49cd3c12c7
-
SHA512
ff6b9c143f0a7ced5e0efdb8bda42f6828fe4962425f2aeb09b7959a437d307fbbd4278d5bc1a24670008a80e5805cd8f1a0e3a67948c62883d8d452d66c200f
-
SSDEEP
12288:svj9v2zv1ghpQBITcQFlU+HWtCzrkQxC:svo2zQVQFlU+2Azrr
Static task
static1
Behavioral task
behavioral1
Sample
48fbf3b3e6c295d69f79f7efbe62cacc_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
48fbf3b3e6c295d69f79f7efbe62cacc_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
7*noaCk_l6G+
Targets
-
-
Target
48fbf3b3e6c295d69f79f7efbe62cacc_JaffaCakes118
-
Size
537KB
-
MD5
48fbf3b3e6c295d69f79f7efbe62cacc
-
SHA1
0c214f6f4d78c3366d91acd70b5dced8bf5ae27d
-
SHA256
2434b60331e372fc347f46ac1ede21a078fc11ddea75c52679ab4c49cd3c12c7
-
SHA512
ff6b9c143f0a7ced5e0efdb8bda42f6828fe4962425f2aeb09b7959a437d307fbbd4278d5bc1a24670008a80e5805cd8f1a0e3a67948c62883d8d452d66c200f
-
SSDEEP
12288:svj9v2zv1ghpQBITcQFlU+HWtCzrkQxC:svo2zQVQFlU+2Azrr
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-