General
-
Target
f11f34f9b8d03cd0e3ad76f65b14d604_JaffaCakes118
-
Size
612KB
-
Sample
240922-c7ktdsycja
-
MD5
f11f34f9b8d03cd0e3ad76f65b14d604
-
SHA1
fe9381a4b57c295954744db12aee91e1147a38ca
-
SHA256
7330843cc033439a7451656bdc0723f9b64f19eb8ba5da0ef4d65aa665b76d3a
-
SHA512
1aca8259403a44c8c9408bf976a332f26b1d62760e6a14d9765e2d38a4653e2decc4edd704cec709d8364e1c06faf6489169525b9ac04bfb2fb1a621a4c80bab
-
SSDEEP
12288:q1PLka6eiP0Q6tbFvsOELKbddpUcDXp/qGe8Sv4aXm6rz5y7:wY/sT9FkKdpnUd804ek
Static task
static1
Behavioral task
behavioral1
Sample
f11f34f9b8d03cd0e3ad76f65b14d604_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
f11f34f9b8d03cd0e3ad76f65b14d604_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.tpts4seed.net - Port:
587 - Username:
[email protected] - Password:
krested123
Targets
-
-
Target
f11f34f9b8d03cd0e3ad76f65b14d604_JaffaCakes118
-
Size
612KB
-
MD5
f11f34f9b8d03cd0e3ad76f65b14d604
-
SHA1
fe9381a4b57c295954744db12aee91e1147a38ca
-
SHA256
7330843cc033439a7451656bdc0723f9b64f19eb8ba5da0ef4d65aa665b76d3a
-
SHA512
1aca8259403a44c8c9408bf976a332f26b1d62760e6a14d9765e2d38a4653e2decc4edd704cec709d8364e1c06faf6489169525b9ac04bfb2fb1a621a4c80bab
-
SSDEEP
12288:q1PLka6eiP0Q6tbFvsOELKbddpUcDXp/qGe8Sv4aXm6rz5y7:wY/sT9FkKdpnUd804ek
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-