General
Target: 08f1ec502ecfa226f8d932efe0c39c8c_JaffaCakes118
Size: 667KB
Sample: 240328-smj95ahd3s
MD5: 08f1ec502ecfa226f8d932efe0c39c8c
SHA1: 78d5dc529125f9caf07de0292d504e8f98a6db8f
SHA256: 28be313c29aa0d92e7a3dbb349a1af15375755d3343352caa8041bcbcdaa4496
SHA512: de274992c1e7bfcd142589b9ab222a5f2ba0dff88a0599096028ead2d83624dc1bbdbeae88c38e31fa9b35436c4c796dfc30cf7c85c9a62598e9654eb63ae95a
SSDEEP: 12288:ussbXphXpUSBVx5CsCC9bs2k63O4rfDOnjdyVsydee4BZ/VhBbLVlHK:usap1ppB0+s2l3OQ+jdM
Static task: static1
Behavioral task: behavioral1
Sample: 08f1ec502ecfa226f8d932efe0c39c8c_JaffaCakes118.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 08f1ec502ecfa226f8d932efe0c39c8c_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bsia.co.in
Port: 587
Username: yogesh@bsia.co.in
Password: 21mbsia@)@!Y
Targets
Target: 08f1ec502ecfa226f8d932efe0c39c8c_JaffaCakes118
Size: 667KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext