General
- Target: e26d7be6048d0c785f65f77b012ee715_JaffaCakes118
- Size: 604KB
- Sample: 240915-n417rasenc
- MD5: e26d7be6048d0c785f65f77b012ee715
- SHA1: eeb6d42fbb960fcadb0290444ecdb7f4c80d9ea4
- SHA256: 27570dc435f85d656611a92a0a64d2a01c89a5f9beab6b4306276e056a36f13b
- SHA512: 994420fab010fde6e7204ba04be718a2bc7f9a51ff5f8b61006c60a1fc777727d31b5797fe7068bfe45c7e184715f6264938d48ede1d122dff3706460907983c
- SSDEEP: 12288:ssocSptndh0EIehMgb6cjWZqNeUXaTsrmJT6YashlM0JT6YashlM:hpSpJdh06b6cjaEoTx9ashlV9ashl
Static task: static1
Behavioral task: behavioral1
- Sample: e26d7be6048d0c785f65f77b012ee715_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: e26d7be6048d0c785f65f77b012ee715_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.fuslia.com
- Port: 587
- Username: [email protected]
- Password: blessmegod@77
Targets
- Target: e26d7be6048d0c785f65f77b012ee715_JaffaCakes118
- Size: 604KB
- MD5: e26d7be6048d0c785f65f77b012ee715
- SHA1: eeb6d42fbb960fcadb0290444ecdb7f4c80d9ea4
- SHA256: 27570dc435f85d656611a92a0a64d2a01c89a5f9beab6b4306276e056a36f13b
- SHA512: 994420fab010fde6e7204ba04be718a2bc7f9a51ff5f8b61006c60a1fc777727d31b5797fe7068bfe45c7e184715f6264938d48ede1d122dff3706460907983c
- SSDEEP: 12288:ssocSptndh0EIehMgb6cjWZqNeUXaTsrmJT6YashlM0JT6YashlM:hpSpJdh06b6cjaEoTx9ashlV9ashl
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext