General
Target: e5578d8189525e3b27ce4bbdddf67e1b_JaffaCakes118
Size: 1.2MB
Sample: 240407-ts6kzsgh55
MD5: e5578d8189525e3b27ce4bbdddf67e1b
SHA1: 9fc7e6de99ac5a3dd5e57a4471a8e1ce1c64d708
SHA256: 7100f855ef506197a7bb88083c84893a8fa1f6aad9c70740c19c20277681d582
SHA512: 8bf027bfdd6fd41be53a221792d1a6815979f2dc4f398946d86de9ba1755f326dc79ed32490694eed4eca7b355966378f16118c888bc49682c77a23e12a4e77e
SSDEEP: 24576:gr3kgtKj5jTNYgLAc+xiI5PXyz2aGfZSp:E8KGAcv6aE
Static task: static1
Behavioral task: behavioral1
  Sample: e5578d8189525e3b27ce4bbdddf67e1b_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: e5578d8189525e3b27ce4bbdddf67e1b_JaffaCakes118.exe
  Resource: win10v2004-20231215-en
Malware Config
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext