General
- Target: 554be553969bba38ee71b2abe52ee6c8_JaffaCakes118
- Size: 893KB
- Sample: 240518-r93jjsgh66
- MD5: 554be553969bba38ee71b2abe52ee6c8
- SHA1: 8d93b01450fb52f7b12187b17bf5c318fb79d858
- SHA256: 6c4e1f8d9d65712d50dd63f5ef8bce5c788afcec567f735e035f068d8c859341
- SHA512: ec3f3a3d10f13e28a7e29f025a83dac249839cf2c1b59613200cd539808b388fd429b437c41b9feb07fa09ace3f58988daee0a5d4ff92dfc03481a30813338b2
- SSDEEP: 24576:BZD1cQJRl7oN0RhBIVduQVo28zUOR93hrZgQV/8:LJR+17Vo28d3hZ8
Static task: static1
Behavioral task: behavioral1
- Sample: 554be553969bba38ee71b2abe52ee6c8_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 554be553969bba38ee71b2abe52ee6c8_JaffaCakes118.exe
- Resource: win10v2004-20240426-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: nc$jcXy8
Targets
- Target: 554be553969bba38ee71b2abe52ee6c8_JaffaCakes118
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext