General
-
Target
971c9af24c935f6d8b14e6cf8e85a1a4_JaffaCakes118
-
Size
274KB
-
Sample
240605-d557zsdb7t
-
MD5
971c9af24c935f6d8b14e6cf8e85a1a4
-
SHA1
47e827d0709ee7cf23dec18c695b30bb21c37b40
-
SHA256
c75035a9d20e8c0c04f6054e270cf85588d4dc555000be1f25d3f70e6973a71f
-
SHA512
caab8ad0f76543dd4d2e538a6a525d7588e91c053f14c1fb59537d704a280c6d90ecb62245de69daf88499e14b3091eb44076d51ad7e0b2b03f34a50d50f8199
-
SSDEEP
6144:TJpuHrfUq/GcZ1wE2r0qOMqTkoRkmA0R1ooachYh0l4LJ0eEGEtLnOq99e7s:TJMHrfUq9OpuTkoR1AzpSu0l4LJ0eEG4
Static task
static1
Behavioral task
behavioral1
Sample
971c9af24c935f6d8b14e6cf8e85a1a4_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
971c9af24c935f6d8b14e6cf8e85a1a4_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://server.siaemic.cam/
Port: 21
Username: [email protected]
Password: y$tyu,dZhyt$
Targets
-
-
Target
971c9af24c935f6d8b14e6cf8e85a1a4_JaffaCakes118
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-