General
- Target: 1cce68b5010bd304aaba3bb313bd429f_JaffaCakes118
- Size: 677KB
- Sample: 240701-2s3hbsydjj
- MD5: 1cce68b5010bd304aaba3bb313bd429f
- SHA1: 77504d731a02f8688d429659417a9189d6bb6936
- SHA256: 18b652472f58937d30d767dbccef9d2999214abf745f6369ae18fc9d5f6541de
- SHA512: 35ae97d74a3a38d192836802f625457a9cee5a71b69622f5a22c7577144f65798ae4859d01f7cb42a59be0f4950728b36968e005261773a60d39ae04f9ecd56d
- SSDEEP: 12288:UtpY10t0Rx6qLaSOxufHCOmuAVnOqTl7wYRZ73rK1Dl5KS4:Ucit0DajIfPHMTl7wKWdM
Static task: static1
Behavioral task: behavioral1
- Sample: 1cce68b5010bd304aaba3bb313bd429f_JaffaCakes118.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 1cce68b5010bd304aaba3bb313bd429f_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.iymorenterprizelogs.com
- Port: 587
- Username: [email protected]
- Password: J5Sg1}K~=c4#
Targets
- Target: 1cce68b5010bd304aaba3bb313bd429f_JaffaCakes118
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Suspicious use of SetThreadContext