General
-
Target
971b4920c07330e68bf402bfd1f8bc8f_JaffaCakes118
-
Size
434KB
-
Sample
240605-d47dnadb21
-
MD5
971b4920c07330e68bf402bfd1f8bc8f
-
SHA1
611a2e34399043c34dc39fbeb14e42c1183c01da
-
SHA256
18be8256c63f4991a328ebbc9866294589609a4fa562a203a74051d2919d7f2e
-
SHA512
80224a614566131fda8f26197854bafffec6c6317953399a7ab6a3da6d6e9926b64df3c1635864c1c916b140633710d8de1b39e1bac1299d03fca6d653b5a944
-
SSDEEP
12288:YrFXmUP61FC34hYyRd8R0xp2R8MLCnE8AZkRa4L+Q98:EgFbhYQk0xp2RPkRaz
Static task
static1
Behavioral task
behavioral1
Sample
971b4920c07330e68bf402bfd1f8bc8f_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
971b4920c07330e68bf402bfd1f8bc8f_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
1989dennis
Targets
-
-
Target
971b4920c07330e68bf402bfd1f8bc8f_JaffaCakes118
-
Size
434KB
-
MD5
971b4920c07330e68bf402bfd1f8bc8f
-
SHA1
611a2e34399043c34dc39fbeb14e42c1183c01da
-
SHA256
18be8256c63f4991a328ebbc9866294589609a4fa562a203a74051d2919d7f2e
-
SHA512
80224a614566131fda8f26197854bafffec6c6317953399a7ab6a3da6d6e9926b64df3c1635864c1c916b140633710d8de1b39e1bac1299d03fca6d653b5a944
-
SSDEEP
12288:YrFXmUP61FC34hYyRd8R0xp2R8MLCnE8AZkRa4L+Q98:EgFbhYQk0xp2RPkRaz
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-