General
-
Target
1e0768fa61e965284fbff3eab92779d1_JaffaCakes118
-
Size
521KB
-
Sample
240329-k187eaee23
-
MD5
1e0768fa61e965284fbff3eab92779d1
-
SHA1
2d9a6210f28f6676d51046c83f41060b4fc9a7df
-
SHA256
5f988a44f737e7a647f11f6f8c059a3c86a152d5da09d37f0dc9d2e56f9ca224
-
SHA512
bc41fcc03bb5beed085e793376ea97951773347bdd71a7cff5b6914e5ca8fa8f0c00349b7fb5728931b6bb3b9fb1c49faa71c7dd3d3b0b39215596e3b369ab37
-
SSDEEP
12288:344tRfe8qpalE9qsMG7ttM8iYJE1A+0ki1RIXPaRAAFgkt4TnP0T4q5/D6L2wo36:3DJQVYuZxY6FB2uC7
Static task
static1
Behavioral task
behavioral1
Sample
1e0768fa61e965284fbff3eab92779d1_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1e0768fa61e965284fbff3eab92779d1_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: 19ada#jid1
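The extracted configuration above gives everything needed to hunt for this sample's exfiltration channel on a network: the family, the SMTP host and the port it will connect to. The following is an added example, not part of the sandbox report, that parses the config block into structured fields and correlates constructed DNS and connection log lines (invented for illustration, in a simple key=value format) to find hosts that resolved the exfil server and then opened a connection to the configured port shortly afterwards. The mail credentials themselves are not needed for detection and are only carried along because they are part of the extracted config; the username is kept exactly as the page shows it.

```python
"""Turn an AgentTesla SMTP config into a hunting query over DNS/connection logs."""
import re
from datetime import datetime, timedelta

# Config values copied from the sandbox report above (family line has no colon).
EXTRACTED_CONFIG = """
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: 19ada#jid1
"""

# Constructed sample logs (not real telemetry). Format: "<ts> key=value ...".
DNS_LOG = [
    "2024-03-29T10:12:01Z src=10.0.0.15 qtype=A qname=smtp.yandex.com",
    "2024-03-29T10:40:00Z src=10.0.0.22 qtype=A qname=smtp.yandex.com",
    "2024-03-29T10:41:10Z src=10.0.0.40 qtype=A qname=mail.example.org",
]
CONN_LOG = [
    "2024-03-29T10:12:03Z src=10.0.0.15 dst=203.0.113.10 dport=587 proto=tcp",
    "2024-03-29T10:12:05Z src=10.0.0.22 dst=203.0.113.10 dport=443 proto=tcp",
    "2024-03-29T10:55:00Z src=10.0.0.22 dst=203.0.113.10 dport=587 proto=tcp",
    "2024-03-29T10:41:12Z src=10.0.0.40 dst=203.0.113.11 dport=587 proto=tcp",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_config(text: str) -> dict:
    """Parse the 'Extracted' block: a bare family name plus 'Key: value' lines."""
    cfg = {"family": None}
    for line in text.strip().splitlines():
        if ":" not in line:
            cfg["family"] = line.strip()
            continue
        key, _, value = line.partition(":")
        cfg[key.strip().lower()] = value.strip()
    cfg["port"] = int(cfg["port"])
    return cfg


def parse_line(line: str) -> dict:
    """Split one log line into a dict of fields with a parsed UTC timestamp."""
    m = LINE_RE.match(line)
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return fields


def find_exfil_candidates(cfg: dict, dns_lines, conn_lines, window_s: int = 60):
    """Return (src, ts) for hosts that resolved cfg['host'] and then connected
    to cfg['port'] within window_s seconds of that lookup."""
    lookups = {}  # src -> list of times it resolved the exfil host
    for f in map(parse_line, dns_lines):
        if f["qname"].lower() == cfg["host"].lower():
            lookups.setdefault(f["src"], []).append(f["ts"])

    window = timedelta(seconds=window_s)
    hits = []
    for f in map(parse_line, conn_lines):
        if int(f["dport"]) != cfg["port"]:
            continue
        for t in lookups.get(f["src"], []):
            if timedelta(0) <= f["ts"] - t <= window:
                hits.append((f["src"], f["ts"].isoformat()))
                break
    return hits


def iocs(cfg: dict) -> list:
    """Network indicators worth blocking or alerting on for this config."""
    return [f"dns:{cfg['host']}", f"tcp:{cfg['host']}:{cfg['port']}"]


if __name__ == "__main__":
    config = parse_config(EXTRACTED_CONFIG)
    print("family:", config["family"], "iocs:", iocs(config))
    for src, ts in find_exfil_candidates(config, DNS_LOG, CONN_LOG):
        print(f"possible {config['family']} exfil from {src} at {ts}")
```

In the constructed data only 10.0.0.15 is flagged: 10.0.0.22 resolved the exfil host but connected on port 587 fifteen minutes later, and 10.0.0.40 used port 587 towards a different mail server. A legitimate mail client on a host can produce the same DNS-plus-587 pattern, so treat a hit as a lead to confirm against the endpoint behaviours listed in the report (Outlook profile access, SetThreadContext use) rather than as proof of infection.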
Targets
-
Target
1e0768fa61e965284fbff3eab92779d1_JaffaCakes118
-
Size
521KB
-
MD5
1e0768fa61e965284fbff3eab92779d1
-
SHA1
2d9a6210f28f6676d51046c83f41060b4fc9a7df
-
SHA256
5f988a44f737e7a647f11f6f8c059a3c86a152d5da09d37f0dc9d2e56f9ca224
-
SHA512
bc41fcc03bb5beed085e793376ea97951773347bdd71a7cff5b6914e5ca8fa8f0c00349b7fb5728931b6bb3b9fb1c49faa71c7dd3d3b0b39215596e3b369ab37
-
SSDEEP
12288:344tRfe8qpalE9qsMG7ttM8iYJE1A+0ki1RIXPaRAAFgkt4TnP0T4q5/D6L2wo36:3DJQVYuZxY6FB2uC7
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; this sample exfiltrates over SMTP using the credentials in the extracted config.
-
AgentTesla payload
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check to avoid running in certain regions.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext, an API commonly used to redirect execution in a target process during process hollowing or code injection.
-