General

Target: e24b703300666a1a5ca0493661554672_JaffaCakes118
Size: 517KB
Sample: 240915-mslggszhmq
MD5: e24b703300666a1a5ca0493661554672
SHA1: 51fdb761b14f0a1d234b589b9cafacf5ae466889
SHA256: 3a1b8abd7d2b6342f5ec31f3d61b7ba3b12d7d67244c5d6e379fd403620b60f5
SHA512: f7fc05a4e44524508076b4eff86594209bdea43815d84f9d3a29bfee330aaacb0edb7972f06d998030e59b20b174723c3382fd13ee11bea9a719b38355c66c9d
SSDEEP: 12288:N2occ0W3VTVB4g8s3+R3IYlP1sY0wexK2IjoW:N2rc0Wmm+R3xltD03l
Static task: static1

Behavioral task: behavioral1
Sample: e24b703300666a1a5ca0493661554672_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: e24b703300666a1a5ca0493661554672_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.palletsolutions.ca
Port: 587
Username: [email protected]
Password: h~Q+QV.(M2?!
Targets

Target: e24b703300666a1a5ca0493661554672_JaffaCakes118 (517KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures matched for this target:

- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Credentials from Password Stores: Credentials from Web Browsers (malicious access to, or copy of, the web browser credential store)
- Unsecured Credentials: Credentials In Files (steals credentials from unsecured files)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext