General
- Target: 0a6fcc4627e486c6cd85957c3694ccd5_JaffaCakes118
- Size: 608KB
- Sample: 240328-txan4sbe43
- MD5: 0a6fcc4627e486c6cd85957c3694ccd5
- SHA1: 442c0a15ba8a2277bfc0f96523014a0409eb7df8
- SHA256: 05ffd4250cdb4aa6a1e05dc2db5a0c293f2ab7fcfd39ee493bd66098ad0411ca
- SHA512: 31ec2db7a9a10168f43d138efee94fb6c2fc3f5c2fbdc550e634f96867ea7a824a5c5a8589721e45014e60bb6dc4c246f1c2a717446b8b28b7d14a425f22d35e
- SSDEEP: 12288:E5hvBUZ/QYRHB2vyJn7qg52pGw4qhnkkUC41Fa0:qpUCYxWm79GJkkF
Static task: static1
Behavioral task: behavioral1
- Sample: 0a6fcc4627e486c6cd85957c3694ccd5_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 0a6fcc4627e486c6cd85957c3694ccd5_JaffaCakes118.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.africa-eco-resp.com
- Port: 587
- Username: hmutombo@africa-eco-resp.com
- Password: Hubert@2018
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext