General
Target: 018682704ca10c84c0be82d0c91a1363_JaffaCakes118
Size: 512KB
Sample: 240426-yhrrasag98
MD5: 018682704ca10c84c0be82d0c91a1363
SHA1: 8309b960675a28a8220e8a417f621c508adfd8a6
SHA256: b68bf22663c69cd1e6ecfe797b73f619468d13dd7367a4d40891eba29136ba46
SHA512: 4cb8b3564e132c6498377bd8f153be9617943a4abab56d6c46b7d4a0c2871adc5575678b6a607f2736efae70218d023b28604d09bdf424766bd5b565e1c1440f
SSDEEP: 12288:N/eEdaP4cL5/gj4Ld1EIiarCfufDIN64A1m3mRHlnio9YbSnrR:MF/gj4R1EIROEDl4z3aFwenrR
Static task: static1
Behavioral task: behavioral1
Sample: 018682704ca10c84c0be82d0c91a1363_JaffaCakes118.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 018682704ca10c84c0be82d0c91a1363_JaffaCakes118.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.thanhphet.asia
Port: 587
Username: sales@thanhphet.asia
Password: Daddyhandsome@1234
Email To: mailfilter247@yandex.com
Targets
Target: 018682704ca10c84c0be82d0c91a1363_JaffaCakes118
Size: 512KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext