Resubmissions
29-03-2024 14:27
240329-rss9jsba97
General
Target
246b78329cdef1989c4f27b411312162_JaffaCakes118
Size
718KB
Sample
240329-rss9jsba97
MD5
246b78329cdef1989c4f27b411312162
SHA1
b6ac11752aa87dbda5095f4906216dec11ec49ec
SHA256
eeb14fae34a305b9bf24954715705b38bdb20f50d785383c0ab7d3ec4a28c1cf
SHA512
3d12b5c1fbb70169a2c63cb8556deea1ff334ef1df1e6f302c87fc4e325a4aa9cb71cfdcbaccf173cfb9db25548ea92c63aa2eae561c9901e06fdc5c4d3508fe
SSDEEP
6144:Wyo3eVzVExarcrPrAKcrIzlakgN6w0lPvyN4EllRQi4thwrjoKfbcAG8l0qPmZOM:Wyo8LrCcIz/gN6L9vL66iGhiJJPI7U
Static task
static1
Behavioral task
behavioral1
Sample
246b78329cdef1989c4f27b411312162_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
246b78329cdef1989c4f27b411312162_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.montarotul.es
Port: 587
Username: [email protected]
Password: mig5831
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext