General
Target: 141c83addbfb33e4869c7f7a384ac0d5_JaffaCakes118
Size: 963KB
Sample: 240329-a1e88ade42
MD5: 141c83addbfb33e4869c7f7a384ac0d5
SHA1: 1c413434a2d683dd6ab06c2b0b95eea58639731c
SHA256: cd3bb572b0caf1a700c8c68c6d2638680345ec0f87fbe8024b60d3e405d6561d
SHA512: 132360f7fd7a6cf75791dd9787ecc65204f4066f20e3995300ee654f30a1b9a14f694b11b553c04eae906e15b64364df76b62be69009767761d1798ec06ecc18
SSDEEP: 12288:KoUOHKWg5pj3lnY0hES5k79BA95e0Mp6IFsgJinHI0:Kovqj60hqDAK0rImgJino0
Static task: static1
Behavioral task: behavioral1
  Sample: 141c83addbfb33e4869c7f7a384ac0d5_JaffaCakes118.vbs
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 141c83addbfb33e4869c7f7a384ac0d5_JaffaCakes118.vbs
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.sharpn.com
Port: 587
Username: export@sharpn.com
Password: )^$(6$n3eSDoq@@##$$###
These are the credentials of the mailbox Agent Tesla logs into to send stolen data (an account under the attacker's control, often a compromised legitimate one), not anything belonging to the victim; treat mail.sharpn.com:587 and the export@sharpn.com sender as network indicators. Port 587 is the SMTP submission port, so a live session will normally negotiate STARTTLS after EHLO, and the AUTH exchange is only visible in a sandbox capture or behind a TLS-intercepting proxy.
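How the extracted SMTP configuration turns into something a SOC can match on, as an added example that is not part of the sandbox report. The script rebuilds key/value pairs from the flattened config block exactly as it appears on this page, derives the base64 forms that AUTH LOGIN and AUTH PLAIN put on the wire, and runs those indicators over a constructed client-side SMTP transcript (the transcript, the EHLO name and the password reply are invented for the demonstration; the host, port, username and password come from the report):

```python
import base64
import re

# The extracted-config block exactly as it is flattened on this page.
TRIAGE_CONFIG = """Protocol: smtp- Host:
mail.sharpn.com - Port:
587 - Username:
export@sharpn.com - Password:
)^$(6$n3eSDoq@@##$$###"""


def parse_triage_config(text):
    """Rebuild 'Key: value' pairs from the flattened report text.

    Everything after 'Password:' is taken verbatim because Agent Tesla
    passwords routinely contain '-', ':' and '#', which would otherwise be
    mistaken for field separators.
    """
    flat = " ".join(line.strip() for line in text.splitlines())
    head, _, password = flat.partition("Password:")
    head = head.strip().rstrip("-").strip()
    fields = {}
    for piece in re.split(r"\s*-\s*(?=\w+:)", head):
        key, _, value = piece.partition(":")
        fields[key.strip().lower()] = value.strip()
    fields["password"] = password.strip()
    return fields


def smtp_indicators(cfg):
    """Derive the wire-level artefacts an Agent Tesla SMTP exfil session exposes."""
    user, pwd = cfg["username"], cfg["password"]
    return {
        "host": cfg["host"].lower(),
        "port": int(cfg["port"]),
        "username": user.lower(),
        # AUTH LOGIN sends the username and password as separate base64 lines
        "auth_login_user_b64": base64.b64encode(user.encode()).decode(),
        # AUTH PLAIN sends one base64 blob of "\0username\0password"
        "auth_plain_b64": base64.b64encode(f"\0{user}\0{pwd}".encode()).decode(),
    }


def scan_smtp_session(session, ind):
    """Match the client side of a captured SMTP session against the indicators.

    Works on plaintext captures (sandbox PCAP or a TLS-intercepting proxy);
    once STARTTLS has completed only the destination host and port remain
    visible, so that match is reported first.
    """
    hits = []
    if session["dst_host"].lower() == ind["host"] and session["dst_port"] == ind["port"]:
        hits.append(f"connection to exfil mail server {ind['host']}:{ind['port']}")
    expect_user_b64 = False
    for raw in session["client_lines"]:
        line = raw.strip()
        upper = line.upper()
        if expect_user_b64:                      # line after a bare AUTH LOGIN
            expect_user_b64 = False
            if line == ind["auth_login_user_b64"]:
                hits.append("AUTH LOGIN username matches extracted config")
        elif upper.startswith("AUTH LOGIN"):
            arg = line[len("AUTH LOGIN"):].strip()  # inline form: AUTH LOGIN <b64>
            if not arg:
                expect_user_b64 = True
            elif arg == ind["auth_login_user_b64"]:
                hits.append("AUTH LOGIN username matches extracted config")
        elif upper.startswith("AUTH PLAIN "):
            if line.split(None, 2)[2] == ind["auth_plain_b64"]:
                hits.append("AUTH PLAIN credentials match extracted config")
        elif upper.startswith(("MAIL FROM:", "RCPT TO:")) and ind["username"] in line.lower():
            hits.append(f"envelope address is the exfil mailbox: {line}")
    return hits


# Constructed client-side transcript of a plaintext session (not from the report).
SAMPLE_SESSION = {
    "dst_host": "mail.sharpn.com",
    "dst_port": 587,
    "client_lines": [
        "EHLO DESKTOP-1A2B3C",
        "AUTH LOGIN",
        "ZXhwb3J0QHNoYXJwbi5jb20=",      # base64("export@sharpn.com")
        "c2VjcmV0",                      # password reply, constructed value
        "MAIL FROM:<export@sharpn.com>",
        "RCPT TO:<export@sharpn.com>",
        "DATA",
    ],
}

if __name__ == "__main__":
    cfg = parse_triage_config(TRIAGE_CONFIG)
    for hit in scan_smtp_session(SAMPLE_SESSION, smtp_indicators(cfg)):
        print(hit)
```

The username and password are matched in their base64 forms rather than decoded from the capture, so a malformed or truncated line can never raise and abort the scan; the host/port match is deliberately separate because it is the only indicator that survives STARTTLS.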
Targets
Target: 141c83addbfb33e4869c7f7a384ac0d5_JaffaCakes118
AgentTesla
Agent Tesla is a .NET information stealer with remote access tool (RAT) features; this sample is a VBScript (.vbs) dropper that stages and runs the .NET payload.
Signatures:
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check before the payload runs.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles: reads stored mail-account settings, the credential-harvesting behaviour Agent Tesla is known for.
- Adds Run key to start application: persistence through a Run key so the stealer is started again at logon.
- Suspicious use of SetThreadContext: when paired with a suspended child process this is the process-hollowing pattern used to run the payload inside a legitimate process image.
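A triage routine for the Run-key persistence the signature list reports, as an added example that is not part of the sandbox report. The report only says a Run key was added, so the registry output below is constructed: the value names, paths and the neighbouring legitimate entries are invented to show how the scoring separates a script-host launch of a dropped .vbs or a system-binary name in %APPDATA% from per-user software that also lives under AppData. Input is the text format `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` prints, so the same function runs over output collected from a suspect host:

```python
import re
from pathlib import PureWindowsPath

# Constructed `reg query HKCU\...\Run` output; the value names and paths are
# illustrative, the report does not say where this sample installed itself.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Windows Update Helper    REG_SZ    wscript.exe "C:\Users\alice\AppData\Roaming\Microsoft\update.vbs"
    svchost    REG_EXPAND_SZ    %APPDATA%\svchost.exe
    Dropbox    REG_SZ    "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"""

# Locations a standard user can write to; legitimate per-user installers use
# them too, so on their own they only raise the score, they do not decide it.
USER_WRITABLE = ("\\appdata\\", "%appdata%", "%localappdata%", "%temp%",
                 "\\temp\\", "\\programdata\\", "\\users\\public\\")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "cmd.exe", "rundll32.exe", "regsvr32.exe"}
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1", ".hta")


def parse_reg_query(text):
    """Yield (key, value_name, reg_type, data) tuples from reg.exe text output."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):          # unindented line = key path
            key = line.strip()
            continue
        m = re.match(r"\s+(.+?)\s{2,}(REG_\w+)\s+(.*)$", line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3).strip()


def launcher_and_target(data):
    """Split a Run value's command line into the program that starts and the
    first argument that looks like a path (the file a script host will run)."""
    parts = [a or b for a, b in re.findall(r'"([^"]+)"|(\S+)', data)]
    launcher = parts[0] if parts else ""
    target = next((p for p in parts[1:] if "\\" in p or "%" in p), "")
    return launcher, target


def suspicion_reasons(data):
    """Return the list of reasons a Run value looks like malware persistence."""
    reasons = []
    launcher, target = launcher_and_target(data)
    exe = PureWindowsPath(launcher).name.lower()
    if exe in SCRIPT_HOSTS:
        reasons.append(f"started through script host / LOLBin {exe}")
    if target.lower().endswith(SCRIPT_EXTS):
        reasons.append(f"script payload {PureWindowsPath(target).name}")
    for path in (launcher, target):
        if any(marker in path.lower() for marker in USER_WRITABLE):
            reasons.append(f"user-writable location: {path}")
            break
    if exe in SYSTEM_NAMES and "\\windows\\system32\\" not in launcher.lower():
        reasons.append(f"system binary name {exe} outside System32")
    return reasons


def triage_run_keys(text):
    """Return flagged Run values, most suspicious first."""
    findings = []
    for key, name, reg_type, data in parse_reg_query(text):
        reasons = suspicion_reasons(data)
        if reasons:
            findings.append({"key": key, "name": name, "type": reg_type,
                             "data": data, "reasons": reasons})
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage_run_keys(SAMPLE_REG_QUERY):
        print(f"[{len(f['reasons'])}] {f['name']}: {f['data']}")
        for r in f["reasons"]:
            print("    -", r)
```

On the constructed data the wscript.exe entry scores highest (script host, .vbs payload, AppData path), the %APPDATA%\svchost.exe entry next, and OneDrive is kept in the list but at the bottom, which is the right place for a user-writable path with nothing else wrong. For a real investigation run the same query against HKLM and the RunOnce keys as well, and compare the flagged file against the hashes in the General section.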