General
-
Target
e690d59b12f6a5401d1b4da6b23fe3c2_JaffaCakes118
-
Size
1.5MB
-
Sample
240917-lz42qsxand
-
MD5
e690d59b12f6a5401d1b4da6b23fe3c2
-
SHA1
5f751a8324ccf596860fd31d2f3db9b3affe460a
-
SHA256
47a9974b269509d17fbf227d45544966ccdb676c16779d65668c147d770f45f1
-
SHA512
c75c687edd5a1a07cf52cf8c1391c25d3c94967ce88c8b78a22d1130c0a8ef57e1f4864677060d1d7b8e5c279c7bff04200a84262bed7025fe705e248cd19df8
-
SSDEEP
49152:Zh+ZkldoPKi2aXLMhZi3Kdn3PJAk8D01N:a2cPKiY7n3PJ78D
Static task
static1
Behavioral task
behavioral1
Sample
e690d59b12f6a5401d1b4da6b23fe3c2_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e690d59b12f6a5401d1b4da6b23fe3c2_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.flyxpo.com
Port: 587
Username: [email protected]
Password: Success0803959
Targets
-
Target
e690d59b12f6a5401d1b4da6b23fe3c2_JaffaCakes118
-
Size
1.5MB
-
MD5
e690d59b12f6a5401d1b4da6b23fe3c2
-
SHA1
5f751a8324ccf596860fd31d2f3db9b3affe460a
-
SHA256
47a9974b269509d17fbf227d45544966ccdb676c16779d65668c147d770f45f1
-
SHA512
c75c687edd5a1a07cf52cf8c1391c25d3c94967ce88c8b78a22d1130c0a8ef57e1f4864677060d1d7b8e5c279c7bff04200a84262bed7025fe705e248cd19df8
-
SSDEEP
49152:Zh+ZkldoPKi2aXLMhZi3Kdn3PJAk8D01N:a2cPKiY7n3PJ78D
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copy of, the web browser credential store.
-
Drops startup file
-
Unsecured Credentials: Credentials In Files
Steals credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-