General
Target: ac87ea1feb04a537ded074ed6decc498_JaffaCakes118
Size: 1001KB
Sample: 240615-cgwg7swaja
MD5: ac87ea1feb04a537ded074ed6decc498
SHA1: 8b5c2bdc296f36edf81c22f64ae4370b5279e2c3
SHA256: 9b3a4e8995b4abd7596009d4d52e156b2d70600084c006d692e83578df3aee16
SHA512: fdf2ef01ec8ad895b1569261890a0612fa1783f4bdcb3b9b60060681c177673e5741aedb0da7c34530dc001dd8e8bb7d8287e209c52ca15891b99b23134f08f1
SSDEEP: 12288:WDb7BqrErn/mxx7E6vMJaxKwWoFJm6y2o/Yc4/P2x1AFxUKyurILLcQAf0jRcD4H:WFBrny7d7eqq2Z324XIU5wcPrl+VKW
Static task: static1
Behavioral task: behavioral1
  Sample: ac87ea1feb04a537ded074ed6decc498_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: ac87ea1feb04a537ded074ed6decc498_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Targets
Target: ac87ea1feb04a537ded074ed6decc498_JaffaCakes118
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext