General
- Target: 6e886d34eb989d51f7ca3435617aea39_JaffaCakes118
- Size: 1.6MB
- Sample: 240524-pp6z5acb22
- MD5: 6e886d34eb989d51f7ca3435617aea39
- SHA1: d6ceb38b675cd9c05d0c929b48f202ca6c8ea670
- SHA256: a966049a6aae7074cbe4fc2a5d9d635a7e2f014b50ccfc18f21960fad954d84d
- SHA512: e6838dbfcc151a709feaaddfdea262032d19d33e72fa1da126cdeee2c12d8e9ce962e04cd0e086b4f4b40cc096f14fd21263d948f4594867e1de4c9b3aa267d4
- SSDEEP: 24576:CAHnh+eWsN3skA4RV1Hom2KXSmdav1ONQP4s6CLOhkI393S0mo9QUg6yUJ9lAvo4:Fh+ZkldoPKi2avkDYL7y99QpUJI5
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 6e886d34eb989d51f7ca3435617aea39_JaffaCakes118.exe
  - Resource: win7-20240508-en

Behavioral task
- behavioral2
  - Sample: 6e886d34eb989d51f7ca3435617aea39_JaffaCakes118.exe
  - Resource: win10v2004-20240508-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: mail.antolini.tk
  - Port: 587
  - Username: [email protected]
  - Password: chinyerewaga2019
Targets
- Target: 6e886d34eb989d51f7ca3435617aea39_JaffaCakes118
  - Size: 1.6MB
  - MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext