General
Target: b94fc43994550c2c3f922b0f9367a3d4_JaffaCakes118
Size: 628KB
Sample: 240617-wqka3sycqf
MD5: b94fc43994550c2c3f922b0f9367a3d4
SHA1: 64d557d909bbc57902e2d4b1f8e08ee0f2b16c7e
SHA256: a1164f44afc2ceee90a833e950f23a3bb69c4557331cadb35e4f95bf335f1b27
SHA512: 9d7ae392ad79471c8f295caa8e0746dca7a11f202084bbb04dcc2feef456881524332755c5d8c90fd18945ef4aa688619c7c4cc5327b855e93781a4837a9cb6a
SSDEEP: 12288:+zTMGv2zv1gJ0XgTXXtQHK+oF/Mqo5SZYd/i6+Eu2CbnF:+zTS2c0XSUNMNS61v+EB
Static task: static1
Behavioral task: behavioral1
Sample: b94fc43994550c2c3f922b0f9367a3d4_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: b94fc43994550c2c3f922b0f9367a3d4_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: stanstan22
Targets
Target: b94fc43994550c2c3f922b0f9367a3d4_JaffaCakes118
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext