General
-
Target
2e50e9df7bbf8d24198eb8dff860cc45_JaffaCakes118
-
Size
840KB
-
Sample
240329-2arm4sca92
-
MD5
2e50e9df7bbf8d24198eb8dff860cc45
-
SHA1
770d50b0063e5bf318857de414474de0f44d5030
-
SHA256
ffbd9f2074b2eaa45f8562aa8cef8e7e71e8302789e4c6e199b2e15b67adc3c4
-
SHA512
2a2cde1b3af51f0407569c9050ce1d22c8505c5cec813a6a405093ad40c2350e0ea8fe2d687069459d06052f1ba1853651367dc068c6143dcdfef12258a0c069
-
SSDEEP
12288:Evf3JDIL6tSpW0jtsHEN2LqDE0Pmoxj9svVXkZFFbl:CIIkW0xrN2YhmgUVXkZ
Static task
static1
Behavioral task
behavioral1
Sample
2e50e9df7bbf8d24198eb8dff860cc45_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2e50e9df7bbf8d24198eb8dff860cc45_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
webmail.mdist.us - Port:
587 - Username:
[email protected] - Password:
Jg#4321
Targets
-
-
Target
2e50e9df7bbf8d24198eb8dff860cc45_JaffaCakes118
-
Size
840KB
-
MD5
2e50e9df7bbf8d24198eb8dff860cc45
-
SHA1
770d50b0063e5bf318857de414474de0f44d5030
-
SHA256
ffbd9f2074b2eaa45f8562aa8cef8e7e71e8302789e4c6e199b2e15b67adc3c4
-
SHA512
2a2cde1b3af51f0407569c9050ce1d22c8505c5cec813a6a405093ad40c2350e0ea8fe2d687069459d06052f1ba1853651367dc068c6143dcdfef12258a0c069
-
SSDEEP
12288:Evf3JDIL6tSpW0jtsHEN2LqDE0Pmoxj9svVXkZFFbl:CIIkW0xrN2YhmgUVXkZ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-