General
-
Target
23973cb9baa01a886c7551d666ba7006_JaffaCakes118
-
Size
866KB
-
Sample
240329-q3fwjahh3t
-
MD5
23973cb9baa01a886c7551d666ba7006
-
SHA1
097f07fd6db247bcac29ef8f5e8566e7f19d2227
-
SHA256
a7ae2c69ff2d3d5ebb15f69f9151bb99ee3ed333fdd42eb75b7044161bf8818e
-
SHA512
8ad5424fc34e15d27b688de10029e31faa4c70a109c4daebba45dba74d0723f294b39004b5ae0f782c475c6e5b7bd0c42aafac7112b6c46e90b866419e749a59
-
SSDEEP
24576:NgTiy5KGy4xaxvSVXr4L4852MMMMMMMMMMMuMMMMMMMMMMMMMMMMMMMMMMMMMMMX:Ng+gaIr46MMMMMMMMMMMuMMMMMMMMMMw
Static task
static1
Behavioral task
behavioral1
Sample
23973cb9baa01a886c7551d666ba7006_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
23973cb9baa01a886c7551d666ba7006_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.indiacarpet.in
Port: 587
Username: [email protected]
Password: india@12345
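As an added example, not part of the sandbox report: a Python script that turns the extracted SMTP exfiltration config into detection logic. It runs over constructed telemetry (sample DNS, connection and cleartext SMTP records made up here, not captured from this run) and reports whether the exfil host was resolved, whether anything connected to it on port 587, and whether an AUTH LOGIN or AUTH PLAIN exchange carried the configured credentials. The username is redacted on this page, so the literal placeholder string stands in for it; the addresses in 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges chosen as assumptions.

```python
import base64
from dataclasses import dataclass


@dataclass(frozen=True)
class SmtpExfilConfig:
    host: str
    port: int
    username: str
    password: str


# Indicators as extracted on this page. The username is redacted on the page,
# so the placeholder string is used verbatim as an assumption.
AGENTTESLA_SMTP = SmtpExfilConfig(
    host="mail.indiacarpet.in",
    port=587,
    username="[email protected]",
    password="india@12345",
)

# Constructed sample telemetry (not from the sandbox run). 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, so no real host is implied.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "mail.indiacarpet.in", "answers": ["203.0.113.10"]},
    {"type": "conn", "dst": "203.0.113.10", "dport": 587, "proto": "tcp"},
    {"type": "conn", "dst": "203.0.113.10", "dport": 443, "proto": "tcp"},
    {"type": "conn", "dst": "198.51.100.25", "dport": 587, "proto": "tcp"},
]

# Constructed cleartext SMTP transcript, as a sandbox pcap or SMTP proxy would
# show it when the client authenticates before STARTTLS. Server replies start
# with a three-digit code; client lines carry no prefix.
SAMPLE_SMTP_SESSION = [
    "220 mail.indiacarpet.in ESMTP ready",
    "EHLO DESKTOP-SAMPLE",
    "AUTH LOGIN",
    "334 " + base64.b64encode(b"Username:").decode(),
    base64.b64encode(b"[email protected]").decode(),
    "334 " + base64.b64encode(b"Password:").decode(),
    base64.b64encode(b"india@12345").decode(),
    "235 2.7.0 Authentication successful",
]


def resolved_ips(events, cfg):
    """Addresses that cfg.host resolved to in the DNS events."""
    return {ip for e in events
            if e["type"] == "dns" and e["query"].lower() == cfg.host.lower()
            for ip in e["answers"]}


def exfil_connections(events, cfg):
    """Connections to a resolved address of cfg.host on cfg.port."""
    ips = resolved_ips(events, cfg)
    return [e for e in events
            if e["type"] == "conn" and e["dst"] in ips and e["dport"] == cfg.port]


def _b64(token):
    """Decode one base64 token; None if it is not valid base64 (binascii.Error is a ValueError)."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:
        return None


def smtp_credentials(session):
    """Recover (username, password) from an AUTH LOGIN or AUTH PLAIN exchange, else None."""
    for i, line in enumerate(session):
        cmd = line.strip()
        if cmd.upper().startswith("AUTH PLAIN "):
            # AUTH PLAIN carries "<authzid>\0<authcid>\0<password>" in one token.
            blob = _b64(cmd.split(None, 2)[2])
            if blob is not None and blob.count("\0") == 2:
                _authzid, user, pw = blob.split("\0")
                return user, pw
        if cmd.upper() == "AUTH LOGIN":
            # Client answers the two "334" prompts; a non-334 reply ends the exchange.
            client = []
            for nxt in session[i + 1:]:
                if nxt[:3].isdigit():
                    if not nxt.startswith("334"):
                        break
                    continue
                client.append(nxt.strip())
            if len(client) >= 2:
                user, pw = _b64(client[0]), _b64(client[1])
                if user is not None and pw is not None:
                    return user, pw
    return None


def triage(events, session, cfg):
    """Summarise which of the extracted indicators the telemetry confirms."""
    creds = smtp_credentials(session)
    return {
        "dns_lookup": bool(resolved_ips(events, cfg)),
        "exfil_connections": len(exfil_connections(events, cfg)),
        "username_match": creds is not None and creds[0] == cfg.username,
        "password_match": creds is not None and creds[1] == cfg.password,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS, SAMPLE_SMTP_SESSION, AGENTTESLA_SMTP))
```

If the client issues STARTTLS before AUTH, a passive capture only yields the DNS and port-587 connection evidence; the credential match then needs an intercepting SMTP proxy in the sandbox or the decrypted .NET configuration, which is what the extractor above recovered.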
Targets
-
Target
23973cb9baa01a886c7551d666ba7006_JaffaCakes118
-
Size
866KB
-
MD5
23973cb9baa01a886c7551d666ba7006
-
SHA1
097f07fd6db247bcac29ef8f5e8566e7f19d2227
-
SHA256
a7ae2c69ff2d3d5ebb15f69f9151bb99ee3ed333fdd42eb75b7044161bf8818e
-
SHA512
8ad5424fc34e15d27b688de10029e31faa4c70a109c4daebba45dba74d0723f294b39004b5ae0f782c475c6e5b7bd0c42aafac7112b6c46e90b866419e749a59
-
SSDEEP
24576:NgTiy5KGy4xaxvSVXr4L4852MMMMMMMMMMMuMMMMMMMMMMMMMMMMMMMMMMMMMMMX:Ng+gaIr46MMMMMMMMMMMuMMMMMMMMMMw
Score 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, typically written in Visual Basic .NET or C#. It harvests saved credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP; this sample is configured for SMTP.
-
AgentTesla payload
-
Checks computer location settings
Reads the country code configured in the registry (the Windows geographic location setting, stored under HKCU\Control Panel\International\Geo\Nation), most likely as a geofence check to avoid running in certain regions.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is a hallmark of process hollowing: the loader starts a host process suspended, writes the unpacked payload into it, points the thread context at the new entry point and resumes it. The report does not name the target process.
-