General
-
Target
b76f5e51139b755fd2eb8337e5ed946c_JaffaCakes118
-
Size
869KB
-
Sample
240617-jgs6eavbrq
-
MD5
b76f5e51139b755fd2eb8337e5ed946c
-
SHA1
bf87d55e0e5a0259c67fe6ec10e9b05bdd228191
-
SHA256
8c43781ca53cc179ef7f99b187cc44d4d373de4daca6da99862d91afe4ec8636
-
SHA512
4ce455cbf298d5e89daf03595c09762dcefab97398d1088365fff8c6b85a00f16867fff8f26ef1295ecc2879025f1f49471fe1edba4386a9670e0e0f636bf4bc
-
SSDEEP
12288:pn3nwBeZBUPtcUoJ2JIuDhvVnzcpI0ZHbMF298xUOyRbBab6vvwRG:dnLZiPt42JIudVwFZbZSxUOsBnvwA
Static task
static1
Behavioral task
behavioral1
Sample
b76f5e51139b755fd2eb8337e5ed946c_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
b76f5e51139b755fd2eb8337e5ed946c_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: afoerinwa123456789
Targets
-
-
Target
b76f5e51139b755fd2eb8337e5ed946c_JaffaCakes118
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-