General
- Target: f15b04a60fe78ef35e1e328b63573dcb_JaffaCakes118
- Size: 1.5MB
- Sample: 240922-f1vxkatcqn
- MD5: f15b04a60fe78ef35e1e328b63573dcb
- SHA1: a015733c2bf6413a8b39a9cbb6b73db6014e75e9
- SHA256: e5d423a6616b9ced30a4d93f6f253f6000f5f2730266c8da2cd12e59d05f4ea0
- SHA512: 148c58d077475904621e243285ce4ddd6683f742e720b15f41b7fbd2d0f9afb5473e90893afe8978767372dd5037624256b95897cbe35a16a8282a729ada1ced
- SSDEEP: 24576:2u6J33O0c+JY5UZ+XC0kGso6Fa+F7SZ23I/Rt4wtADTVx0IY8EPLqrh/JphWY:Yu0c++OCvkGs9Fa+FeZKIFmDf0N8G+5r
Static task
- static1
Behavioral task
- behavioral1
  - Sample: f15b04a60fe78ef35e1e328b63573dcb_JaffaCakes118.exe
  - Resource: win7-20240903-en
Behavioral task
- behavioral2
  - Sample: f15b04a60fe78ef35e1e328b63573dcb_JaffaCakes118.exe
  - Resource: win10v2004-20240802-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: smtp.generce.com
- Port: 587
- Username: [email protected]
- Password: rYLGz!p8
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- Drops file in Drivers directory
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext