General
- Target: fa8a727c5c81364a6e4f405965f7a516_JaffaCakes118
- Size: 770KB
- Sample: 240927-rdgbfayclc
- MD5: fa8a727c5c81364a6e4f405965f7a516
- SHA1: eda6ceba474fc409c008c7311b26e5514c988c34
- SHA256: 1c06a29a4078bc203b0b31f8736940cbd58adb8934128147bd454c87902cb0de
- SHA512: 2b332c908f751a243c4f37992fed27459785ed41b6a930a4f51688fcd9455871c4ca180b8e2f653a3925a4e0fac6b640871bc865ab0b4429cfc2724c7d9723e2
- SSDEEP: 12288:m3APyh5OSbu8O+8EnUEQQwVXMtDr+erO52JPqevkATp2pYiGG5TCNVEvHIDWbzPD:q5Lr4rOX5upAQZZ
Static task
- static1
Behavioral task
- behavioral1
- Sample: fa8a727c5c81364a6e4f405965f7a516_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task
- behavioral2
- Sample: fa8a727c5c81364a6e4f405965f7a516_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: [email protected]
- Password: memesking67
Targets
- Target: fa8a727c5c81364a6e4f405965f7a516_JaffaCakes118
- Size: 770KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext