General
Target: 1b8967a79880dfff1a89796c914a9535_JaffaCakes118
Size: 980KB
Sample: 240329-hqajzsca2y
MD5: 1b8967a79880dfff1a89796c914a9535
SHA1: 65c723076961c27a33bc59bc1915ab8c9ebd73ca
SHA256: 3bff4a308ecd13d7ee25b1327195eb52319660f220377dfc2224ac987ad97778
SHA512: 91070539e9c157989e12165faf5a0fbcc97027668428e3e5389193a9bf4bb9bfcb43a03f9d6807ba25c6207380d6926503ab04db4099f1957eb890b90a0384f9
SSDEEP: 24576:rAOcZEhB5zKb28JW6WTq6ai0bagi7vzJ/:ta2E0Tq6d4a5vt
Static task: static1
Behavioral task: behavioral1
Sample: 1b8967a79880dfff1a89796c914a9535_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 1b8967a79880dfff1a89796c914a9535_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: secure300.inmotionhosting.com
Port: 587
Username: [email protected]
Password: HCBo3_tl-nKP1@
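The extracted configuration above is the sample's exfiltration channel: stolen data is sent by SMTP submission (port 587) to the listed host with the listed account. The following is an added example, not part of the sandbox report, showing how a responder can turn these indicators into offline checks: verifying a file against the report's hashes, and flagging connections to the exfil endpoint in Zeek-style conn.log lines. The hashes, host and port are copied from the report; the log lines, sample bytes, the `resolved_ips` parameter and the column layout are assumptions made for the example. The username is obfuscated on the page ("[email protected]"), so the network check matches on host and port only.

```python
"""Added example (not part of the sandbox report): offline checks built from
the report's indicators. Hash values and the SMTP endpoint are copied from
the report; log lines, sample bytes and the conn.log column layout are
constructed for illustration."""
import hashlib
import re

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "1b8967a79880dfff1a89796c914a9535",
    "sha1": "65c723076961c27a33bc59bc1915ab8c9ebd73ca",
    "sha256": "3bff4a308ecd13d7ee25b1327195eb52319660f220377dfc2224ac987ad97778",
    "sha512": "91070539e9c157989e12165faf5a0fbcc97027668428e3e5389193a9bf4bb9bfcb43a03f9d6807ba25c6207380d6926503ab04db4099f1957eb890b90a0384f9",
}
EXFIL_HOST = "secure300.inmotionhosting.com"
EXFIL_PORT = 587


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report lists for a blob of bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest matches; a single mismatch means a different file."""
    actual = file_hashes(data)
    return all(actual[k] == v for k, v in expected.items())


# Assumed (constructed) tab-separated conn.log layout:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto  service
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\t(?P<uid>\S+)\t(?P<src>\S+)\t(?P<sport>\d+)\t"
    r"(?P<dst>\S+)\t(?P<dport>\d+)\t(?P<proto>\S+)\t(?P<service>\S*)"
)


def find_exfil_connections(lines, host=EXFIL_HOST, port=EXFIL_PORT, resolved_ips=()):
    """Return (uid, source host) for every connection to the configured SMTP endpoint.

    The sandbox config gives a hostname, but a network log usually records the
    IP it resolved to, so the caller passes the addresses observed for that
    hostname during the incident window (resolved_ips is an assumed parameter).
    Port 587 to any other destination is normal mail submission and is ignored.
    """
    targets = {host, *resolved_ips}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # comment line, header, or malformed record
        if m.group("dst") in targets and int(m.group("dport")) == port:
            hits.append((m.group("uid"), m.group("src")))
    return hits


# Constructed sample log: one direct hit, one hit via a resolved IP,
# one DNS lookup and one HTTPS connection to the same host (not exfil).
SAMPLE_CONN_LOG = [
    "1711700000.1\tCabc1\t10.0.0.5\t49212\tsecure300.inmotionhosting.com\t587\ttcp\tsmtp",
    "1711700001.2\tCabc2\t10.0.0.5\t49213\t10.0.0.1\t53\tudp\tdns",
    "1711700002.3\tCabc3\t10.0.0.7\t49300\t203.0.113.10\t587\ttcp\tsmtp",
    "1711700003.4\tCabc4\t10.0.0.9\t49400\tsecure300.inmotionhosting.com\t443\ttcp\tssl",
]

if __name__ == "__main__":
    print("direct hits:", find_exfil_connections(SAMPLE_CONN_LOG))
    print("with resolved IP:", find_exfil_connections(SAMPLE_CONN_LOG, resolved_ips=("203.0.113.10",)))
    print("constructed bytes match report:", matches_report(b"not the sample"))
```

The host check alone is weak evidence, since the endpoint is a shared hosting mail server; treat a hit as a lead to pivot on (the source host, the SMTP AUTH username seen in a full packet capture, the process that opened the socket) rather than a conviction on its own.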
Targets
Target: 1b8967a79880dfff1a89796c914a9535_JaffaCakes118
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer. It harvests credentials and keystrokes from browsers, mail clients and other applications and exfiltrates them over channels such as SMTP, FTP, HTTP or Telegram; this sample is configured for SMTP.
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence to avoid running in certain regions.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles: credential harvesting from the mail client.
- Suspicious use of SetThreadContext: commonly used for process injection (for example, process hollowing into a suspended process).