General
-
Target
e20ae62ec170770b0894386536b12e49_JaffaCakes118
-
Size
746KB
-
Sample
240915-j1hh1stdpg
-
MD5
e20ae62ec170770b0894386536b12e49
-
SHA1
8d06c52138c541bc9142075a2137567be687b6f7
-
SHA256
b96dabac33821df6545c701a60d0bef4ac6177d7c3ffbf04320b583148acf84c
-
SHA512
e51b8b023417ce55798f0628da45c4376b487c3d0532b8af6bcc08cdb14b6c30ad1f41c35ab96e0ba43c66752fdb5557cef1ade96550c11c14ee09444e6d41ff
-
SSDEEP
12288:HjKbZZMZpiAmmnO1PzkEXqUwNNDFChvKvOPdKNWXLzkfLtJ2GMEotYJLNWewp3Tw:Hu6piAmmOdlqJNwf27MEotYJZWeO3jw
Static task
static1
Behavioral task
behavioral1
Sample
e20ae62ec170770b0894386536b12e49_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e20ae62ec170770b0894386536b12e49_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.alsayyadi.com
Port: 587
Username: [email protected]
Password: sayyadi2017_2018
Targets
-
-
Target
e20ae62ec170770b0894386536b12e49_JaffaCakes118
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copy of, a web browser credential store.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-