General
-
Target
69ee1eb5577df087d89472031d5f0149_JaffaCakes118
-
Size
927KB
-
Sample
240523-ggrapsfe76
-
MD5
69ee1eb5577df087d89472031d5f0149
-
SHA1
96344049266577fbc4dfa635ac60215a5ecc1e3e
-
SHA256
6400a7dde7bc06a67fb024815767d03b203a608e9e976c998ddd4d10fab34667
-
SHA512
54b108e1d866c1205bf3a390a0104bafdb63ce316dce7407407fbb2923987cff62df62eaafc199c5b4fdfb660dbdeca429928a6e253842e038a6adc886b3edc5
-
SSDEEP
12288:F0Z6bbBasXuqXfgMLvAnyceXJCtexRLZ6bbBasXuqXfgMLvAnyceXJCtexR5kBo:GZgBDAyVXJpZgBDAyVXJwBo
Static task
static1
Behavioral task
behavioral1
Sample
69ee1eb5577df087d89472031d5f0149_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
69ee1eb5577df087d89472031d5f0149_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Saneph288@
Targets
-
Target
69ee1eb5577df087d89472031d5f0149_JaffaCakes118
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext