General
- Target: 6fb0972ff4f409802923e6dbddded2bd_JaffaCakes118
- Size: 858KB
- Sample: 240524-ytpfbahf94
- MD5: 6fb0972ff4f409802923e6dbddded2bd
- SHA1: 1f18b61910bead774e87824189e925e17723b256
- SHA256: a93f51a2685bc2a56a36a482e045ae7d5ae2055e7176b54cee959966c2d06f66
- SHA512: 30fadf132728b543894c4eea0cf9568815c64c9113c83a31553f676d1f3706ac615bcafdc95019bd29f2f656978c704de18c75ad47804bc13828c368258c2ce1
- SSDEEP: 12288:34jGha4fxBa4wlDKffkMZvhxgnjeQZbzO/p38esKCCTiL+nC/Eiv9HZGnx/M88r:3KlaBa1sMMZvIniOzOh3QKC+iD/Eiay
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 6fb0972ff4f409802923e6dbddded2bd_JaffaCakes118.exe
  - Resource: win7-20240419-en

Behavioral task
- behavioral2
  - Sample: 6fb0972ff4f409802923e6dbddded2bd_JaffaCakes118.exe
  - Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yussmed.com
- Port: 587
- Username: [email protected]
- Password: IXhBF@r0
Targets
- Target: 6fb0972ff4f409802923e6dbddded2bd_JaffaCakes118
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext