General
Target: defc91ac80fb820761b7187efd5d1007_JaffaCakes118
Size: 763KB
Sample: 240913-115f8a1gjl
MD5: defc91ac80fb820761b7187efd5d1007
SHA1: ef83b8b97d935b9612ba3676dcb744710db2bde1
SHA256: d0c9890950968fc4d2c9c7c5f5f71b1425ce9f501bfaf05f010131c4df690f88
SHA512: 9db63ce18044a27289a6362789c6a0a50c58f18826fafef650d701e0406cc23290c9f065fd27e1f030a1122578b112ff24e1ba629cc3ec6d5d46a45b4f9fdaa2
SSDEEP: 12288:uuP5UcKgQvHN7LtEY+iHCYHSuqrCt1OkwV3Hntt0DSFlw+0fIdREu:uu7Kg0LtEGCySQt1hwV3HnllwI
Static task: static1
Behavioral task: behavioral1
Sample: defc91ac80fb820761b7187efd5d1007_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.1and1.es
Port: 587
Username: [email protected]
Password: sug3sol3
Targets
Target: defc91ac80fb820761b7187efd5d1007_JaffaCakes118
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Suspicious use of SetThreadContext