General
-
Target
f01449c55210412c6905617968f9c3dc_JaffaCakes118
-
Size
1.4MB
-
Sample
240921-sqya6aygme
-
MD5
f01449c55210412c6905617968f9c3dc
-
SHA1
f157fdc5eb736f4b95c1bc774602480fd942562a
-
SHA256
7d2da3fa9e581b2947ed5a187fa3f5d1abdbe26698130d63932e08752890c62c
-
SHA512
e705b7a892d8d9aa72221517060b5851cc4134284ea454efa2396d77f755c944a8b3987cb320ca0f7880393318b4856dc6d1b7ed34e952a92b55a1c92029138e
-
SSDEEP
24576:1u6Jx3O0c+JY5UZ+XC0kGso/WaontcnNCN20WpCf9GTKZaWY:XI0c++OCvkGsUWaoNY
Static task
static1
Behavioral task
behavioral1
Sample
f01449c55210412c6905617968f9c3dc_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f01449c55210412c6905617968f9c3dc_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
f01449c55210412c6905617968f9c3dc_JaffaCakes118
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copying of the web browser credential store.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-