General
-
Target
0d6840466b56c843b972bc15cce3906f_JaffaCakes118
-
Size
593KB
-
Sample
240625-kj3nasyhna
-
MD5
0d6840466b56c843b972bc15cce3906f
-
SHA1
ec8f0de75e2ba42aea0a46499f1bfa70d19fbd32
-
SHA256
98d3c983c65e9037d5eafe697a56176dc475e0d4cc620bd1eb5213dfbc034dbd
-
SHA512
4e6c325a82e4f7625151c7b6c81d4edd77239529ac0b6b43450dc99f1e3c259f6dda800701b8e0c428485570697eef569e917e793110e17a5f7112c9512b3ac0
-
SSDEEP
12288:G8yR/EtVYav/AnMhcBefF4yzLtJ3MAaS0mdpGcS5b5bcjMe6ksAMMq30:G5oAMhculntJcAaImbxiMmsnMq30
Static task
static1
Behavioral task
behavioral1
Sample
0d6840466b56c843b972bc15cce3906f_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
0d6840466b56c843b972bc15cce3906f_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.jjfconsultores.com
Port: 587
Username: [email protected]
Password: primapolitica
Email To: [email protected]
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-