General
-
Target
e5b9b74eebb668057efbc291ba737833_JaffaCakes118
-
Size
619KB
-
Sample
240407-yk7kjadc53
-
MD5
e5b9b74eebb668057efbc291ba737833
-
SHA1
f9a0d97699b87ec7e7b510da48368ebffb5c1aa4
-
SHA256
577dec5b1c3f42aec4b810355f14d307ee665979f89f3b1fec1ef8a854ca5bf4
-
SHA512
6320001a328efb37c02e5b8dd188b421233af446515c321e2afe7a7e1acaed3d83c62bbf32fa123846c775427674035880495724b802565677fb1e60caaec908
-
SSDEEP
12288:9IOc8oTDQhvBHYQjlbtavkc/seNi3nlYrqy/u0:fdYQje8c/NalYrTm
Static task
static1
Behavioral task
behavioral1
Sample
e5b9b74eebb668057efbc291ba737833_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
e5b9b74eebb668057efbc291ba737833_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
@Mexico1.,
Targets
-
-
Target
e5b9b74eebb668057efbc291ba737833_JaffaCakes118
-
Size
619KB
-
MD5
e5b9b74eebb668057efbc291ba737833
-
SHA1
f9a0d97699b87ec7e7b510da48368ebffb5c1aa4
-
SHA256
577dec5b1c3f42aec4b810355f14d307ee665979f89f3b1fec1ef8a854ca5bf4
-
SHA512
6320001a328efb37c02e5b8dd188b421233af446515c321e2afe7a7e1acaed3d83c62bbf32fa123846c775427674035880495724b802565677fb1e60caaec908
-
SSDEEP
12288:9IOc8oTDQhvBHYQjlbtavkc/seNi3nlYrqy/u0:fdYQje8c/NalYrTm
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-