General
-
Target
f0cd6c6c9a2b0a10f046f758ce556733_JaffaCakes118
-
Size
658KB
-
Sample
240921-26zzcszbka
-
MD5
f0cd6c6c9a2b0a10f046f758ce556733
-
SHA1
cd86f791349612edf05567811371af7861d4d6a3
-
SHA256
ee1c143dfd43e7f8bd7c3ef297c33627659b89399aee0c87be8d5f55100a80cb
-
SHA512
b2dd00d48e5db398d519dbb2a78673d09505ac60fbb53e13f1f1cc3fe96329734b752eea5b5ab21bcb4ef9a96949a306b83146bbca6498c05c7534a60a35ab1d
-
SSDEEP
12288:3I7VCfPCIgcKof9pgUVWBoUaCwXZV+bmmT2GHKSuZTTP7jbu0sGa/P8So0xMjvLe:3I7QygfPgUVWiUaCU0mo2khwvLe
Static task
static1
Behavioral task
behavioral1
Sample
f0cd6c6c9a2b0a10f046f758ce556733_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f0cd6c6c9a2b0a10f046f758ce556733_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.rapidmail.ec - Port:
587 - Username:
[email protected] - Password:
icui4cu2@@ - Email To:
[email protected]
Targets
-
-
Target
f0cd6c6c9a2b0a10f046f758ce556733_JaffaCakes118
-
Size
658KB
-
MD5
f0cd6c6c9a2b0a10f046f758ce556733
-
SHA1
cd86f791349612edf05567811371af7861d4d6a3
-
SHA256
ee1c143dfd43e7f8bd7c3ef297c33627659b89399aee0c87be8d5f55100a80cb
-
SHA512
b2dd00d48e5db398d519dbb2a78673d09505ac60fbb53e13f1f1cc3fe96329734b752eea5b5ab21bcb4ef9a96949a306b83146bbca6498c05c7534a60a35ab1d
-
SSDEEP
12288:3I7VCfPCIgcKof9pgUVWBoUaCwXZV+bmmT2GHKSuZTTP7jbu0sGa/P8So0xMjvLe:3I7QygfPgUVWiUaCU0mo2khwvLe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-