Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d5c24009c08ca3a3947c816adfa67ec9_JaffaCakes118
-
Size
613KB
-
Sample
240909-gse2tavclp
-
MD5
d5c24009c08ca3a3947c816adfa67ec9
-
SHA1
5d4a36adaf7dcd92547bd32b90d1ecd2da7ffaaf
-
SHA256
01f872c387017a3d557af1267c771afcc5db55420c53c1367b8d88f137a8e5d7
-
SHA512
5946326d44d2000670a9bc9af35f8a1a606444a24f6b78928b1553f9e0875482ba59e8d0afccc785c6909d1b0028c86b814361b802b407ebe4664bff07b326c0
-
SSDEEP
12288:OH9Lv2zv1gklQ/b6Ig4eNgurxylZVYTDH1Qk9dZP:OHw2k6g4YNylXuH1z9dZP
Static task
static1
Behavioral task
behavioral1
Sample
d5c24009c08ca3a3947c816adfa67ec9_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
d5c24009c08ca3a3947c816adfa67ec9_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
js}$_IlwF1q4
Extracted
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
js}$_IlwF1q4
Targets
-
-
Target
d5c24009c08ca3a3947c816adfa67ec9_JaffaCakes118
-
Size
613KB
-
MD5
d5c24009c08ca3a3947c816adfa67ec9
-
SHA1
5d4a36adaf7dcd92547bd32b90d1ecd2da7ffaaf
-
SHA256
01f872c387017a3d557af1267c771afcc5db55420c53c1367b8d88f137a8e5d7
-
SHA512
5946326d44d2000670a9bc9af35f8a1a606444a24f6b78928b1553f9e0875482ba59e8d0afccc785c6909d1b0028c86b814361b802b407ebe4664bff07b326c0
-
SSDEEP
12288:OH9Lv2zv1gklQ/b6Ig4eNgurxylZVYTDH1Qk9dZP:OHw2k6g4YNylXuH1z9dZP
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-