General
Target: 21f8f0c7c3a20cf495b776f34a9700ab_JaffaCakes118
Size: 396KB
Sample: 240329-pmqv5agf2y
MD5: 21f8f0c7c3a20cf495b776f34a9700ab
SHA1: dbccc05967ca5dba0957b980861414ad00f9a1f1
SHA256: cf16f6af27aef277eb68e81dce012ce2b3a5724ab9f0a6b95e53e50143743ec8
SHA512: 80383dd3f913299958cf65d7e2c835b4220bda9c596b094aa8db0f7ad03dbe459f5daceb986f1f8930cf415f7b4e662881faaf595e6ed0669c24fb737604182b
SSDEEP: 6144:MkKBwuYl2YykWKw9Cpo1QqNDLHNcxefalniYYwQ/mO4FskEAFgw:MkK8ldyt0pofnHNDMqJpcg
Static task: static1
Behavioral task: behavioral1
  Sample: 21f8f0c7c3a20cf495b776f34a9700ab_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 21f8f0c7c3a20cf495b776f34a9700ab_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted family: agenttesla
  Protocol: smtp
  Host: smtp.mail.ru
  Port: 587
  Username: [email protected]
  Password: xxxlahot2
Targets
Target: 21f8f0c7c3a20cf495b776f34a9700ab_JaffaCakes118 (size and hashes identical to the General section above)
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext