General
-
Target
e5911fb28a4ba5506cbb3ca9dc80c2a4_JaffaCakes118
-
Size
1.0MB
-
Sample
240916-zvywtazcma
-
MD5
e5911fb28a4ba5506cbb3ca9dc80c2a4
-
SHA1
94c99a29e3bfcffd48c1b4a1ebe6c52b2812b930
-
SHA256
02d2245407e821f555f2a1356e1e23c47cf3530fbc4bf9eadd268fb7a504b8c0
-
SHA512
f9ad2e3fbc1f20d80ac2dfcd6f37198cfb83c754e8eb753b82667f53dd14107131e75097682ed3b2519a0899988cb9be7fcde8c6e1fb45300223e7a2ab66ab90
-
SSDEEP
12288:JmmWpzZDRj6jRPLjRPqjBjjyjBjBjBjBjLjm8Q6BMvZFm9l5/QxRhubLmrHQxjUs:k8fMvm9/ORhuwMjU5
Static task
static1
Behavioral task
behavioral1
Sample
e5911fb28a4ba5506cbb3ca9dc80c2a4_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.psbusinesparks.com - Port:
587 - Username:
[email protected] - Password:
Alterative432
Targets
-
-
Target
e5911fb28a4ba5506cbb3ca9dc80c2a4_JaffaCakes118
-
Size
1.0MB
-
MD5
e5911fb28a4ba5506cbb3ca9dc80c2a4
-
SHA1
94c99a29e3bfcffd48c1b4a1ebe6c52b2812b930
-
SHA256
02d2245407e821f555f2a1356e1e23c47cf3530fbc4bf9eadd268fb7a504b8c0
-
SHA512
f9ad2e3fbc1f20d80ac2dfcd6f37198cfb83c754e8eb753b82667f53dd14107131e75097682ed3b2519a0899988cb9be7fcde8c6e1fb45300223e7a2ab66ab90
-
SSDEEP
12288:JmmWpzZDRj6jRPLjRPqjBjjyjBjBjBjBjLjm8Q6BMvZFm9l5/QxRhubLmrHQxjUs:k8fMvm9/ORhuwMjU5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-