General
- Target: e270465e6b6189d23b54d5b89cbb82bf_JaffaCakes118
- Size: 1.3MB
- Sample: 240915-n8p1aatdnk
- MD5: e270465e6b6189d23b54d5b89cbb82bf
- SHA1: 6b9cf7c30263c28117ef60c9db2c83725039ccd2
- SHA256: aaeb8dbb55dfc7eae9879ef959b1321b70c90784ed1c434cd4fd4583e92cf163
- SHA512: 7a1482bf10998dd4862497dadcbb6dcd74ce09098c70bf56b342bcd8379b895a6e081e2ea6470ab05463f2a8a369d94119d07d8a437fa893d8a90a179710374a
- SSDEEP: 24576:ddiZucOaCrYz4jEmW/g+7Rr+yyRQRJNS41zFFCn8L6yUmgxG+WSSr6aS7:3cyrKmW/PlBRTS41Cn+GlMSSmaS
Static task
- static1
Behavioral task
- behavioral1
  Sample: e270465e6b6189d23b54d5b89cbb82bf_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task
- behavioral2
  Sample: e270465e6b6189d23b54d5b89cbb82bf_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.lacore.ee
- Port: 587
- Username: [email protected]
- Password: MBla354X
Targets
- Target: e270465e6b6189d23b54d5b89cbb82bf_JaffaCakes118
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, the web browser credential store.
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext