General
-
Target
e2a49c233a452b28ac18c1060c1ad474_JaffaCakes118
-
Size
582KB
-
Sample
240915-q91jhswfqa
-
MD5
e2a49c233a452b28ac18c1060c1ad474
-
SHA1
f619fadeed6fa83843a39b2809375d46c2f052b9
-
SHA256
a12d309a4b54674529d65dcb7783ac33522f3d302ad058ec9953bd3c8d637a18
-
SHA512
feb011c2fc923d863c97e3014254f4769da0c8fe69b20523d3cabd5eef7d6357465b013fd1dd7725a12ba8fb30ade8b306c7497a6edba3453300e0c92d72db10
-
SSDEEP
12288:+xoc6Ycjld21fNlRUkNrpMMDhxTAtgarLWEjU6q49tR/h0UJ+0TwVTMsM:+Fcmr9S6xTAtdrL//rJlMtT
Static task
static1
Behavioral task
behavioral1
Sample
e2a49c233a452b28ac18c1060c1ad474_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.udupis.com - Port:
587 - Username:
[email protected] - Password:
skills150
Targets
-
-
Target
e2a49c233a452b28ac18c1060c1ad474_JaffaCakes118
-
Size
582KB
-
MD5
e2a49c233a452b28ac18c1060c1ad474
-
SHA1
f619fadeed6fa83843a39b2809375d46c2f052b9
-
SHA256
a12d309a4b54674529d65dcb7783ac33522f3d302ad058ec9953bd3c8d637a18
-
SHA512
feb011c2fc923d863c97e3014254f4769da0c8fe69b20523d3cabd5eef7d6357465b013fd1dd7725a12ba8fb30ade8b306c7497a6edba3453300e0c92d72db10
-
SSDEEP
12288:+xoc6Ycjld21fNlRUkNrpMMDhxTAtgarLWEjU6q49tR/h0UJ+0TwVTMsM:+Fcmr9S6xTAtdrL//rJlMtT
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-