General
Target: dd664ec6d8c7ee931799bf5fea8de3a1_JaffaCakes118
Size: 433KB
Sample: 240406-g3lbkscd9y
MD5: dd664ec6d8c7ee931799bf5fea8de3a1
SHA1: 7f00b0e16829429f2b71e7860f42a00286214aac
SHA256: 1e6ec6f7a104787ec1f1c4da75a520ac98635afbda35e9be7735a3712efb2a6f
SHA512: ffcffa5da89cc83a8982d6d34b6d6b35f09798ad399659339d3e06bed2d4bb2aa5f7a90f427f8c6f76724cc74bbea8a3bad399b5eda7ba9a68d227dc48efc377
SSDEEP: 6144:Dg3a0n4oIxntRZLBznOkDedEJ0CfL7F6X6SF9jyMDZ8sbS3GzwcY:z0nkx911LcX6SFJpqu5Ep
Static task: static1
Behavioral task: behavioral1
Sample: dd664ec6d8c7ee931799bf5fea8de3a1_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: dd664ec6d8c7ee931799bf5fea8de3a1_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: LHfoeKM@700123
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext