General
Target: e60a3148433b0c4a7ddcf0d5e5da82aa_JaffaCakes118
Size: 630KB
Sample: 240917-ezch6athqh
MD5: e60a3148433b0c4a7ddcf0d5e5da82aa
SHA1: 7be4c86f6f254931a75cd9ac890d3c7761dcbc35
SHA256: 140698ca33bee59b84d6f9ba9f26f39ead1bedadf4ab2bf44fea445e1e3bffef
SHA512: f3cdc0a15e92a28b9cd5265f0a9bba88793f17fa645863001eaf92634c035846ac43f50e57ca91bdb853e4d468754e521c044cfe9d65ce3937180fee9d484aa6
SSDEEP: 12288:mP+l/FZgj5j2e4hf3+UFHibyb982w6E1jLI3KwrusFvs7U5dO/g7dA:mcgV2eSdSyby23ejLSVuqvV/O/gBA
Static task
static1
Behavioral task
behavioral1
Sample
e60a3148433b0c4a7ddcf0d5e5da82aa_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.curidesigner.com/
Port: 21
Username: [email protected]
Password: boygirl123456
Targets
Target
e60a3148433b0c4a7ddcf0d5e5da82aa_JaffaCakes118
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-