General
- Target: 06de5d7a4d6459a95b3027489fb6c169_JaffaCakes118
- Size: 398KB
- Sample: 240328-qvnleafd3y
- MD5: 06de5d7a4d6459a95b3027489fb6c169
- SHA1: 462fbadc94dd49cd20b6b58c34dffaa3d13d49c4
- SHA256: 726efd10333dd1cbd4c65e94122f9e05e3d9ccf0ff1caed8ddb421f37689283c
- SHA512: 09c8954123fb7ed3064ffd9505c11857a406b1451b466100e9b64b5e486b52622f193e2b1587c7cf419fce2185a39fde046602e4fbe71410e9ae85c10d5cb221
- SSDEEP: 12288:IoUKKKEJEePudkcC/OGPQ7f1INHRQEQna:TJKnJxPuqT/GIRFQn
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 06de5d7a4d6459a95b3027489fb6c169_JaffaCakes118.exe
  - Resource: win7-20240221-en

Behavioral task
- behavioral2
  - Sample: 06de5d7a4d6459a95b3027489fb6c169_JaffaCakes118.exe
  - Resource: win10v2004-20240226-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: m-konieczny@europecell.eu
- Password: DuBoBaO1
Targets
- Target: 06de5d7a4d6459a95b3027489fb6c169_JaffaCakes118
- Size: 398KB
- MD5: 06de5d7a4d6459a95b3027489fb6c169
- SHA1: 462fbadc94dd49cd20b6b58c34dffaa3d13d49c4
- SHA256: 726efd10333dd1cbd4c65e94122f9e05e3d9ccf0ff1caed8ddb421f37689283c
- SHA512: 09c8954123fb7ed3064ffd9505c11857a406b1451b466100e9b64b5e486b52622f193e2b1587c7cf419fce2185a39fde046602e4fbe71410e9ae85c10d5cb221
- SSDEEP: 12288:IoUKKKEJEePudkcC/OGPQ7f1INHRQEQna:TJKnJxPuqT/GIRFQn
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext