General
Target: 0dc6e9a9b2edd1dcd61ca1cead55ae9d_JaffaCakes118
Size: 631KB
Sample: 240328-xxqxwaeh83
MD5: 0dc6e9a9b2edd1dcd61ca1cead55ae9d
SHA1: 5b0fc28b39570e5e9882d9a97939679e2239815a
SHA256: 470f0b85b6de45f2de6dc59a8858e814bffda487135ed449dcbe5b5e76f34f6c
SHA512: 154f815e34c41d03de8c02f88f2dcbac85d4064d60c6f9bc1744f4d16c9515ad3327a55b0bd353d4e5f7710f24a688f0b4258bf5aac56983e6bd20448dfdb22c
SSDEEP: 12288:EiS0PkhLfUJ83T1xSXy+tOrhgCTLQNujb5l5QQ0VSB:E50PaLsJ8JEAh/TLQ4Vlg4B
Static task: static1
Behavioral task: behavioral1
  Sample: 0dc6e9a9b2edd1dcd61ca1cead55ae9d_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 0dc6e9a9b2edd1dcd61ca1cead55ae9d_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: zakolata.bg
Port: 587
Username: gaza@zakolata.bg
Password: 8X1jorEV^qc_
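The extracted configuration tells a defender exactly what this sample's exfiltration looks like on the wire: an SMTP submission (TCP 587) to zakolata.bg, authenticating as gaza@zakolata.bg. The script below is an added example, not part of the sandbox report, showing how to turn those fields into network indicators and correlate them across Zeek-style dns.log and conn.log records. Because conn.log carries no hostnames, the DNS answers for the exfil host are collected first and used to match the subsequent port-587 connection. The log lines, the resolved address 203.0.113.10 and the internal hosts 10.0.0.x are constructed for the example; only the host, port and username come from the report.

```python
"""Network indicators from the Agent Tesla SMTP config in this report, matched
against Zeek-style JSON log lines (constructed sample data, not sandbox output)."""
import ipaddress
import json
from dataclasses import dataclass, field

# Copied from the "Malware Config" section of the report. Only the fields that
# are observable on the network are needed; the password is deliberately omitted.
EXTRACTED_CONFIG = {
    "family": "agenttesla",
    "protocol": "smtp",
    "host": "zakolata.bg",
    "port": 587,
    "username": "gaza@zakolata.bg",
}

# Constructed Zeek-style records (not from the sandbox run). 203.0.113.0/24 is a
# documentation range standing in for whatever zakolata.bg really resolves to.
DNS_LOG = [
    '{"ts": 1711612800.1, "id.orig_h": "10.0.0.25", "query": "zakolata.bg", "qtype_name": "A", "answers": ["203.0.113.10"]}',
    '{"ts": 1711612801.2, "id.orig_h": "10.0.0.25", "query": "www.microsoft.com", "qtype_name": "A", "answers": ["198.51.100.7"]}',
]
CONN_LOG = [
    '{"ts": 1711612800.9, "id.orig_h": "10.0.0.25", "id.resp_h": "203.0.113.10", "id.resp_p": 587, "proto": "tcp", "service": "smtp"}',
    '{"ts": 1711612802.0, "id.orig_h": "10.0.0.31", "id.resp_h": "198.51.100.7", "id.resp_p": 443, "proto": "tcp", "service": "ssl"}',
    '{"ts": 1711612803.0, "id.orig_h": "10.0.0.25", "id.resp_h": "198.51.100.7", "id.resp_p": 443, "proto": "tcp", "service": "ssl"}',
]


@dataclass(frozen=True)
class Hit:
    log: str                               # "dns" or "conn"
    reason: str
    record: dict = field(compare=False)    # the matching log record


def indicators(cfg):
    """Observable indicators: the mail host, the mailbox's domain (identical
    here, but other Agent Tesla configs split them) and the submission port."""
    host = cfg["host"].lower().rstrip(".")
    mailbox_domain = cfg["username"].split("@", 1)[1].lower()
    return {"hosts": {host, mailbox_domain}, "port": int(cfg["port"])}


def _domain_match(name, hosts):
    name = name.lower().rstrip(".")
    return name in hosts or any(name.endswith("." + h) for h in hosts)


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def scan_dns(dns_lines, ind):
    """Return DNS hits and the set of addresses the exfil host resolved to, so
    that conn.log (which has no hostnames) can be correlated afterwards."""
    hits, resolved = [], set()
    for raw in dns_lines:
        rec = json.loads(raw)
        if _domain_match(rec.get("query", ""), ind["hosts"]):
            hits.append(Hit("dns", f"lookup of exfil host {rec['query']} by {rec.get('id.orig_h')}", rec))
            # Keep A/AAAA answers only; CNAME answers are names, not addresses.
            resolved.update(a for a in rec.get("answers", []) if _is_ip(a))
    return hits, resolved


def scan_conn(conn_lines, ind, resolved):
    """Flag submission-port connections to any address the exfil host resolved to."""
    hits = []
    for raw in conn_lines:
        rec = json.loads(raw)
        if rec.get("id.resp_p") == ind["port"] and rec.get("id.resp_h") in resolved:
            hits.append(Hit("conn", f"SMTP submission from {rec.get('id.orig_h')} to "
                                    f"exfil server {rec['id.resp_h']}:{ind['port']}", rec))
    return hits


def detect(dns_lines, conn_lines, cfg=EXTRACTED_CONFIG):
    """Run both scans; DNS answers feed the conn.log correlation."""
    ind = indicators(cfg)
    dns_hits, resolved = scan_dns(dns_lines, ind)
    return dns_hits + scan_conn(conn_lines, ind, resolved)


if __name__ == "__main__":
    for hit in detect(DNS_LOG, CONN_LOG):
        print(f"[{hit.log}] {hit.reason}")
```

Matching on the resolved address rather than on "any port 587 traffic" keeps the rule tight: legitimate mail clients also use the submission port, and on 587 the session is normally upgraded with STARTTLS, so the AUTH exchange and the mailbox name are not visible in the payload; the DNS query and the connection tuple are what remains observable.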
Targets
Target: 0dc6e9a9b2edd1dcd61ca1cead55ae9d_JaffaCakes118 (631KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, historically built in Visual Basic .NET. This sample's extracted configuration exfiltrates over SMTP (see Malware Config).
AgentTesla payload
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence to avoid running in certain regions.
Accesses Microsoft Outlook profiles
Consistent with Agent Tesla's harvesting of stored mail-client credentials.
Suspicious use of SetThreadContext
Typical of loaders that inject a payload into a suspended process and redirect its thread to the new entry point (process hollowing).