General
-
Target
aa7ed6764e239ff973c34ee9c96a3477_JaffaCakes118
-
Size
544KB
-
Sample
240614-s6gy4sxapf
-
MD5
aa7ed6764e239ff973c34ee9c96a3477
-
SHA1
678b42d7d05a1e38b57ae7edcad4ac2b272a1071
-
SHA256
250767d2c74519fe12a67bdd1623889e860ac32c27b375416b548f9714ff6aff
-
SHA512
5a93aa871d15aa4f96fc8b638e1d9a13e9e7af6e289b9a323bd2d9c5fcbd9bc1200c562392ba40f2da289b80bcff5def496e74afdad9f0699ef8ef953bf69f33
-
SSDEEP
6144:tOscs+/WwQzFC5RSVUj6Bq31DUy0gPm6rQN+KbkP+6obTi7Qhu6HTeeReDGSGROL:8sclPQRVUqu1DUp6rrnpQ446GWyNO8w
Static task
static1
Behavioral task
behavioral1
Sample
aa7ed6764e239ff973c34ee9c96a3477_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
aa7ed6764e239ff973c34ee9c96a3477_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.trinityealtd.com
Port: 587
Username: [email protected]
Password: T@Trinity
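The extracted config above is the sample's exfiltration channel: harvested credentials are mailed out through the listed SMTP account. The following Python is an added example (not part of the report and not the sandbox's own tooling) that turns that config into wire-level indicators and checks a reassembled SMTP stream for them. It assumes the AUTH LOGIN / AUTH PLAIN base64 encodings defined by the SMTP AUTH RFCs, keeps the username as the obfuscated placeholder shown on the page, uses two constructed SMTP transcripts rather than captured traffic, and emits an example Suricata rule whose `sid` is arbitrary. The STARTTLS case is included deliberately: on port 587 a client will usually upgrade to TLS before authenticating, so a network sensor then sees only the server banner and the destination host, not the credential tokens.

```python
import base64
import re

# Extracted AgentTesla SMTP exfiltration config, copied from the report above.
# The username is rendered obfuscated ("[email protected]") on the report page,
# so it is kept here as that placeholder; substitute the real value if you
# recover it from the sample.
AGENTTESLA_SMTP = {
    "host": "mail.trinityealtd.com",
    "port": 587,
    "username": "[email protected]",
    "password": "T@Trinity",
}


def b64(s):
    return base64.b64encode(s.encode()).decode()


def build_indicators(cfg):
    """Derive wire-level indicators from the extracted config.

    AUTH LOGIN sends the username and password as two separate base64 lines;
    AUTH PLAIN sends base64("\\0user\\0pass") in one line. Both are only
    visible on the wire when the session is not wrapped in STARTTLS.
    """
    return {
        "host": cfg["host"],
        "port": cfg["port"],
        "login_user_b64": b64(cfg["username"]),
        "login_pass_b64": b64(cfg["password"]),
        "plain_b64": b64("\0" + cfg["username"] + "\0" + cfg["password"]),
    }


def scan_smtp_session(transcript, cfg):
    """Check a reassembled SMTP stream (one line per entry) for the indicators.

    Returns the set of indicator names seen: a TLS-wrapped session yields
    only 'host' (from the 220 banner) plus a 'starttls' marker, while a
    plaintext one also exposes the authentication tokens.
    """
    ind = build_indicators(cfg)
    seen = set()
    for line in transcript:
        if ind["host"] in line:
            seen.add("host")
        if ind["login_user_b64"] in line:
            seen.add("login_user_b64")
        if ind["login_pass_b64"] in line:
            seen.add("login_pass_b64")
        if ind["plain_b64"] in line:
            seen.add("plain_b64")
        if re.match(r"(?i)^C:\s*STARTTLS", line):
            seen.add("starttls")
    return seen


def suricata_rule(cfg, sid=1000001):
    """Example Suricata rule (not from the report; sid is arbitrary) that
    alerts on the AUTH LOGIN password token sent in clear text to the
    exfil port."""
    ind = build_indicators(cfg)
    return (
        f'alert smtp any any -> any {ind["port"]} '
        f'(msg:"AgentTesla SMTP exfil AUTH LOGIN to {ind["host"]}"; '
        f'flow:to_server,established; content:"{ind["login_pass_b64"]}"; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


# Constructed sample streams (not captured from this sample): a plaintext
# AUTH LOGIN exchange, and one where the client upgraded to TLS first.
PLAINTEXT_SESSION = [
    "S: 220 mail.trinityealtd.com ESMTP",
    "C: EHLO DESKTOP-TEST",
    "S: 250-mail.trinityealtd.com",
    "S: 250 AUTH LOGIN PLAIN",
    "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6",  # base64("Username:")
    "C: " + b64(AGENTTESLA_SMTP["username"]),
    "S: 334 UGFzc3dvcmQ6",  # base64("Password:")
    "C: " + b64(AGENTTESLA_SMTP["password"]),
    "S: 235 2.7.0 Authentication successful",
]

TLS_SESSION = [
    "S: 220 mail.trinityealtd.com ESMTP",
    "C: EHLO DESKTOP-TEST",
    "S: 250 STARTTLS",
    "C: STARTTLS",
    "S: 220 Ready to start TLS",
    # everything after this point is encrypted and invisible to the sensor
]

if __name__ == "__main__":
    print(suricata_rule(AGENTTESLA_SMTP))
    print("plaintext:", sorted(scan_smtp_session(PLAINTEXT_SESSION, AGENTTESLA_SMTP)))
    print("starttls: ", sorted(scan_smtp_session(TLS_SESSION, AGENTTESLA_SMTP)))
```

Because the credential tokens disappear once the session is upgraded to TLS, the durable network indicators from this config are the DNS lookup for `mail.trinityealtd.com` and the outbound connection to it on 587 from a host that should not be sending mail directly; the base64 content match is a bonus that only fires for clients that skip STARTTLS.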
Targets
-
Target
aa7ed6764e239ff973c34ee9c96a3477_JaffaCakes118 (size and hashes identical to the General section above)
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic); it exfiltrates harvested credentials over SMTP, FTP or HTTP, here via the SMTP account in the extracted config.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles (the registry keys that hold saved mail account credentials, a typical Agent Tesla harvesting step)
-
Suspicious use of SetThreadContext (characteristic of process hollowing: the thread context of a suspended child process is redirected to injected code)
-