General
Target: 4ae888539f1fbfc8f3d85a7cbddd400e_JaffaCakes118
Size: 710KB
Sample: 241016-cbg3maxane
MD5: 4ae888539f1fbfc8f3d85a7cbddd400e
SHA1: 87aaafdb3e7883809e61213da9dec927dd415ff3
SHA256: 153265c19c8e564e27b6895708a3a3e3fe7923ce8a6619e31b7bc59ac1ec9335
SHA512: d92c19f5faeb4cb18fc2af1c51647ce7983ef3f9a8b3c328b48b66c1084846cfd41f4f495130761d00230c9dbd629720e2a8de7af7997cdeb791455fcfc3a8b0
SSDEEP: 12288:8Aw5R2iNeHK7znpGTcRidW7uBEjzEe+nEsJlxsHbJDv9ceDhPm:8Awz1bL/RPEEMeyEIMlv9O
Static task: static1
Behavioral task: behavioral1
Sample: 4ae888539f1fbfc8f3d85a7cbddd400e_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 4ae888539f1fbfc8f3d85a7cbddd400e_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.brimaq.com
Port: 587
Username: [email protected]
Password: brimaQ2012
Email To: [email protected]
Targets
Target: 4ae888539f1fbfc8f3d85a7cbddd400e_JaffaCakes118 (710KB; hashes as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Unsecured Credentials: Credentials In Files (steals credentials from unsecured files)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext