General
- Target: 54faae96db26732d8fcb30b45ed9dd5d_JaffaCakes118
- Size: 649KB
- Sample: 240518-qxfctaea72
- MD5: 54faae96db26732d8fcb30b45ed9dd5d
- SHA1: 4b53c5234353b12474597338d2d0c6abf9861ca7
- SHA256: 099b24e1801dfdab9db3a4ccf2e57f187c119fd826b8645e6c494d3fda457721
- SHA512: 971dac0502e9ed0ea6030057e624f6d28c80a13ce3e87bc10819995a1ec3cdfabd15a7e2cee54419e8d9caf43895d227ace66d05bb3efb1a044396e71ccc2345
- SSDEEP: 12288:ZnTqBYh2ppPFx5nbeEjut+Lfs5abDUqaNdl++r:nhCFxVFu8LfskbYjRr
Static task
- static1
Behavioral task
- behavioral1: Sample 54faae96db26732d8fcb30b45ed9dd5d_JaffaCakes118.exe, Resource win7-20240508-en
Behavioral task
- behavioral2: Sample 54faae96db26732d8fcb30b45ed9dd5d_JaffaCakes118.exe, Resource win10v2004-20240426-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: HEoxefZ9
Targets
- Target: 54faae96db26732d8fcb30b45ed9dd5d_JaffaCakes118 (size and hashes as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)