General
- Target: 783ad86b833161eb9575bba70db75d35_JaffaCakes118
- Size: 1.6MB
- Sample: 240527-hfg63sbc8w
- MD5: 783ad86b833161eb9575bba70db75d35
- SHA1: b1127e07dad448e80283db5d83ae5a8c3f1f09ad
- SHA256: 9ae747d8f3cef1d8b365a20227fbb6cd97c4896f6410521d599b9fce3f3514a2
- SHA512: bdc8827b06fbd43ab7066960ca72c9f2a9e246e13835fc25cf7e9f15ac140d4f4c92acb16ffa6cc514eaccdc8b92989c1c0adde5ed4df18c79f2e6a758ca5bbf
- SSDEEP: 49152:Gu0c++OCvkGs9Fax+dMdxIj37+LIRrWY:JB3vkJ954CLJRC
Static task: static1
Behavioral task: behavioral1
- Sample: 783ad86b833161eb9575bba70db75d35_JaffaCakes118.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 783ad86b833161eb9575bba70db75d35_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.jamaltradingco.com
- Port: 587
- Username: [email protected]
- Password: 1960hm3
Targets
- Target: 783ad86b833161eb9575bba70db75d35_JaffaCakes118
- Size: 1.6MB
- MD5: 783ad86b833161eb9575bba70db75d35
- SHA1: b1127e07dad448e80283db5d83ae5a8c3f1f09ad
- SHA256: 9ae747d8f3cef1d8b365a20227fbb6cd97c4896f6410521d599b9fce3f3514a2
- SHA512: bdc8827b06fbd43ab7066960ca72c9f2a9e246e13835fc25cf7e9f15ac140d4f4c92acb16ffa6cc514eaccdc8b92989c1c0adde5ed4df18c79f2e6a758ca5bbf
- SSDEEP: 49152:Gu0c++OCvkGs9Fax+dMdxIj37+LIRrWY:JB3vkJ954CLJRC
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext