General
Target: 120e555c6bd701aecfb36f851f5a4782_JaffaCakes118
Size: 1.0MB
Sample: 240328-2s6jzsah7v
MD5: 120e555c6bd701aecfb36f851f5a4782
SHA1: 2e54fa8e4843e0a11169d4019fcbda27654e8096
SHA256: 20ee9ee7d02539faf4da844dc11c849edf7c7e73cc5a7f2e38d4b2db7cef8846
SHA512: 0bcadb8106ed698b673e664c23f599c7d97ed92f905aed1ee90ba5eb17300cbfa01f563c85dc736ba6172a47f4e13e2345b56fe330a1aa6bf5ac69d06c5487b7
SSDEEP: 24576:rAOcZEhJBDC6qaS9P9QPrwua6TPY5I7nT1RMwa+wf:tPha59Qw96c5IzTXM7+A
Static task: static1

Behavioral task: behavioral1
Sample: 120e555c6bd701aecfb36f851f5a4782_JaffaCakes118.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 120e555c6bd701aecfb36f851f5a4782_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.thts.vn
Port: 587
Username: sales01@mtlvn.com.vn
Password: 123luongngan1989
Email To: osmomnh@gmail.com
Targets
Target: 120e555c6bd701aecfb36f851f5a4782_JaffaCakes118
Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext