General
Target: 1ee44484fbff286d938ea7294e304015_JaffaCakes118
Size: 476KB
Sample: 240329-lv9fnafb46
MD5: 1ee44484fbff286d938ea7294e304015
SHA1: 27ce985155c17141597a8b1a03e1b35ae26fe110
SHA256: 8a6f8fd88f09ab37819e57b04bac18db5b055ca3ea3a0c0096e3a620a7911800
SHA512: a44475cc25d338a925523413cce33a464a199b5b92f3b142c56222078a698a9c26a646c7aaeb641e89c5d58359e2d1c7ea89967b59f46394c078b272a4e7dc7c
SSDEEP: 12288:EwcTXpZ8uJ1eHJNtXDj9O0Kyc1QM13QSBGgNYP:ECikH/tzj6x17tdBf
Static task: static1

Behavioral task: behavioral1
Sample: 1ee44484fbff286d938ea7294e304015_JaffaCakes118.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 1ee44484fbff286d938ea7294e304015_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: webmail.vector-kl.com
Port: 587
Username: [email protected]
Password: AminVectorKL202)
Targets
Target: 1ee44484fbff286d938ea7294e304015_JaffaCakes118
Size: 476KB
MD5: 1ee44484fbff286d938ea7294e304015
SHA1: 27ce985155c17141597a8b1a03e1b35ae26fe110
SHA256: 8a6f8fd88f09ab37819e57b04bac18db5b055ca3ea3a0c0096e3a620a7911800
SHA512: a44475cc25d338a925523413cce33a464a199b5b92f3b142c56222078a698a9c26a646c7aaeb641e89c5d58359e2d1c7ea89967b59f46394c078b272a4e7dc7c
SSDEEP: 12288:EwcTXpZ8uJ1eHJNtXDj9O0Kyc1QM13QSBGgNYP:ECikH/tzj6x17tdBf

Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext