General

Target: 2574e4162c4d7eb4e22f27b1cc0a2ed1_JaffaCakes118
Size: 1.1MB
Sample: 240329-sqyxpabc8v
MD5: 2574e4162c4d7eb4e22f27b1cc0a2ed1
SHA1: 52568f7b1875a5348a2f96b6c9c1a1d40a9b17bc
SHA256: 708b9ae34868a88d757269f4fb80d7a3aeef2a6c2372bf8e1e59d2135aa97cb6
SHA512: 6bf5291dfb5dd3477a71120a35d70611d28e2aa3ece927dbefc923750a0e0ee48dfc1ee9e3e72a542bf2d312c868a4427a7e65335a975e88fe14387b1f0ff653
SSDEEP: 12288:DB3hvog0Sp91C1Fu1kfUC0RCEBFW2pTFEMRh9uvFDFTH0P+xVbNBDgo6t4Vk1ne2:vBF1CvYl7C+pKMr927xdDDgoxiFss
Static task: static1

Behavioral task: behavioral1
Sample: 2574e4162c4d7eb4e22f27b1cc0a2ed1_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 2574e4162c4d7eb4e22f27b1cc0a2ed1_JaffaCakes118.exe
Resource: win10v2004-20231215-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.midlightfashion.com
Port: 587
Username: [email protected]
Password: Emon01082019
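A hunt for this sample's exfiltration channel, as an added example that is not part of the sandbox report: the extracted config gives an SMTP submission host and port, but conn.log only records IP addresses, so the script pairs Zeek-style dns.log answers for the C2 name with conn.log records to that IP on port 587. The log records below are constructed for the example (RFC 5737 documentation addresses), not captured traffic, and the Zeek field subset is an assumption about the deployment.

```python
"""Hunt for hosts contacting the Agent Tesla SMTP C2 from this report."""
import csv
import io

# Indicators taken from the extracted config above.
C2_HOST = "mail.midlightfashion.com"
C2_PORT = 587


def zeek_tsv(header, rows):
    """Build a tab-separated Zeek-style log with a header row (constructed data)."""
    lines = ["\t".join(header)] + ["\t".join(r) for r in rows]
    return "\n".join(lines) + "\n"


# Constructed dns.log: which clients resolved which names, and the answers returned.
DNS_LOG = zeek_tsv(
    ["ts", "uid", "id.orig_h", "query", "answers"],
    [
        ("1711700000.100", "CdN3a1", "10.0.0.12", "mail.midlightfashion.com", "203.0.113.5"),
        ("1711700000.200", "CdN3a2", "10.0.0.13", "mail.corp.example", "198.51.100.9"),
        # Mixed case and trailing dot: matching must normalise the query name.
        ("1711700000.300", "CdN3a3", "10.0.0.14", "MAIL.MIDLIGHTFASHION.COM.", "203.0.113.5,203.0.113.6"),
    ],
)

# Constructed conn.log: outbound connections from the same clients.
CONN_LOG = zeek_tsv(
    ["ts", "uid", "id.orig_h", "id.resp_h", "id.resp_p", "proto", "service"],
    [
        ("1711700001.000", "Cx1", "10.0.0.12", "203.0.113.5", "587", "tcp", "smtp"),
        ("1711700002.000", "Cx2", "10.0.0.13", "198.51.100.9", "25", "tcp", "smtp"),
        # Zeek may leave service unset for a STARTTLS session it could not classify,
        # so the match keys on destination and port rather than on the service label.
        ("1711700003.000", "Cx3", "10.0.0.14", "203.0.113.6", "587", "tcp", "-"),
        ("1711700004.000", "Cx4", "10.0.0.15", "203.0.113.5", "443", "tcp", "ssl"),
    ],
)


def parse_zeek(text):
    """Parse a header-bearing TSV log into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text), delimiter="\t"))


def norm_host(name):
    """Case-fold and strip the trailing dot so FQDN spellings compare equal."""
    return name.strip().lower().rstrip(".")


def c2_resolvers(dns_rows, host=C2_HOST):
    """Clients that looked up the C2 name, and every IP the name resolved to."""
    clients, ips = set(), set()
    for r in dns_rows:
        if norm_host(r["query"]) == norm_host(host):
            clients.add(r["id.orig_h"])
            ips.update(a for a in r["answers"].split(",") if a and a != "-")
    return clients, ips


def exfil_connections(conn_rows, c2_ips, port=C2_PORT):
    """conn.log records to a C2 IP on the configured submission port."""
    return [r for r in conn_rows
            if r["id.resp_h"] in c2_ips and int(r["id.resp_p"]) == port]


def other_c2_traffic(conn_rows, c2_ips, port=C2_PORT):
    """Connections to C2 infrastructure on any other port: lower confidence, still worth review."""
    return [r for r in conn_rows
            if r["id.resp_h"] in c2_ips and int(r["id.resp_p"]) != port]


def hunt(dns_text=DNS_LOG, conn_text=CONN_LOG):
    """Return the hosts and connection uids an analyst should triage first."""
    dns_rows, conn_rows = parse_zeek(dns_text), parse_zeek(conn_text)
    clients, ips = c2_resolvers(dns_rows)
    return {
        "resolvers": sorted(clients),
        "c2_ips": sorted(ips),
        "exfil_uids": [r["uid"] for r in exfil_connections(conn_rows, ips)],
        "other_uids": [r["uid"] for r in other_c2_traffic(conn_rows, ips)],
    }


if __name__ == "__main__":
    for key, value in hunt().items():
        print(f"{key}: {value}")
```

Clients that resolved the name but never connected still belong on the triage list: the lookup alone shows the payload ran far enough to read its config. Rotating the leaked mailbox password is not enough, since the operator can redeploy with new credentials, so block the host at the egress proxy as well.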
Targets

Target: 2574e4162c4d7eb4e22f27b1cc0a2ed1_JaffaCakes118
Size: 1.1MB
MD5: 2574e4162c4d7eb4e22f27b1cc0a2ed1
SHA1: 52568f7b1875a5348a2f96b6c9c1a1d40a9b17bc
SHA256: 708b9ae34868a88d757269f4fb80d7a3aeef2a6c2372bf8e1e59d2135aa97cb6
SHA512: 6bf5291dfb5dd3477a71120a35d70611d28e2aa3ece927dbefc923750a0e0ee48dfc1ee9e3e72a542bf2d312c868a4427a7e65335a975e88fe14387b1f0ff653
SSDEEP: 12288:DB3hvog0Sp91C1Fu1kfUC0RCEBFW2pTFEMRh9uvFDFTH0P+xVbNBDgo6t4Vk1ne2:vBF1CvYl7C+pKMr927xdDDgoxiFss
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests browser, mail-client and FTP credentials and keystrokes and sends them to an operator-controlled mailbox; this sample uses the SMTP host and credentials in the extracted config above.

AgentTesla payload

Checks computer location settings
Looks up the country code configured in the registry (the GeoID stored under HKCU\Control Panel\International\Geo), most likely a geofence that stops execution in regions the operator wants to avoid.

Accesses Microsoft Outlook profiles
Reads stored Outlook account settings, consistent with harvesting mail credentials for exfiltration.

Suspicious use of SetThreadContext
Rewriting another thread's context is the usual final step of process hollowing, where the decrypted payload is written into a suspended legitimate process and its entry point is redirected; this is how the .NET loader hides the stealer from simple process listings.