General
- Target: 6f2f5086cf3684fd4058c8346b9bc014_JaffaCakes118
- Size: 554KB
- Sample: 240524-vc7c1sce3s
- MD5: 6f2f5086cf3684fd4058c8346b9bc014
- SHA1: 55bb5f38ad70f305524fbcb02db196b810f905e8
- SHA256: 4e7718c246accd9b6ef74fc052a59a429db00761f87d1d62d6fe422643b48023
- SHA512: 8c89acbaa4debbcf8dd95effea7be38934f0c561261306b6942a2f42cc5e10d8fe19b3df740d6915f74b641ed386e7a41d26fda2cbcbe1ae36bcf42c15224fd5
- SSDEEP: 12288:AW66kqD2wGOWbDud8t9hmKi1dTTgIMUE:AW62D2w1Wv409hmv1dTThMUE
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 6f2f5086cf3684fd4058c8346b9bc014_JaffaCakes118.exe
  - Resource: win7-20240221-en
- behavioral2
  - Sample: 6f2f5086cf3684fd4058c8346b9bc014_JaffaCakes118.exe
  - Resource: win10v2004-20240426-en
Malware Config
Targets
- Target: 6f2f5086cf3684fd4058c8346b9bc014_JaffaCakes118 (554KB; hashes as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext