General
-
Target
a9d446028c39a325f32407a20c4efb6e_JaffaCakes118
-
Size
688KB
-
Sample
240614-qceksasamb
-
MD5
a9d446028c39a325f32407a20c4efb6e
-
SHA1
087ae77ace998067e1644f932246086dbbc841c1
-
SHA256
19036261b89b27743d0b8c2353751f57b256357525068f67b166608b1eb33268
-
SHA512
4cb4d1103e8687e9322ae3a02bf86c30d070a1094c1ce458bad1a17d610e3fad1a0c063b7f57f9668b0ed1f50e739a9cb209156885327c2999144c0e59c0eca7
-
SSDEEP
12288:e9+UFSbzwd6xyFjH8H1NDNCqovrO4IeDKURlqr0Uk:g+pbzwIxk4VdoqmIeDKU6Ib
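Before analysing a copy of this sample, confirm it is the file the report describes. The following script is an added example, not part of the sandbox report: it streams a file once through the four hash algorithms listed above and compares each result with the reported value, so a repacked or truncated copy is spotted immediately. The reported SSDEEP value is deliberately left out, because fuzzy hashing needs a third-party library (ssdeep/ppdeep) and measures similarity rather than identity.

```python
"""Verify a local sample against the hashes published in the report header.

Added example code; the REPORTED values are copied from the report above,
everything else here is illustrative.
"""
import hashlib
import io
import sys

# Hashes copied verbatim from the report header.
REPORTED = {
    "md5": "a9d446028c39a325f32407a20c4efb6e",
    "sha1": "087ae77ace998067e1644f932246086dbbc841c1",
    "sha256": "19036261b89b27743d0b8c2353751f57b256357525068f67b166608b1eb33268",
    "sha512": (
        "4cb4d1103e8687e9322ae3a02bf86c30d070a1094c1ce458bad1a17d610e3fad"
        "1a0c063b7f57f9668b0ed1f50e739a9cb209156885327c2999144c0e59c0eca7"
    ),
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(stream, chunk_size=1 << 16):
    """Read a binary stream once and feed every chunk to all algorithms."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(stream, expected=REPORTED):
    """Return (all_match, {algo: matched}) for a binary stream.

    Comparison is case-insensitive so hashes pasted from other reports in
    upper case still match.
    """
    got = digests(stream)
    per_algo = {
        name: got[name] == expected[name].strip().lower()
        for name in expected
        if name in got
    }
    return all(per_algo.values()), per_algo


def verify_bytes(data, expected=REPORTED):
    """Convenience wrapper for in-memory data (used by the tests)."""
    return verify(io.BytesIO(data), expected)


def verify_file(path, expected=REPORTED):
    """Hash a file on disk and compare it with the reported values."""
    with open(path, "rb") as f:
        return verify(f, expected)


if __name__ == "__main__":
    ok, detail = verify_file(sys.argv[1])
    for name, matched in detail.items():
        print(f"{name:7s} {'OK' if matched else 'MISMATCH'}")
    sys.exit(0 if ok else 1)
```

Run it as `python verify_sample.py <path-to-sample>`; a non-zero exit code means at least one digest differs. If only one algorithm mismatches while the others agree, the reported value was most likely mistyped, since a changed file alters every digest.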
Static task
static1
Behavioral task
behavioral1
Sample
a9d446028c39a325f32407a20c4efb6e_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
a9d446028c39a325f32407a20c4efb6e_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
a9d446028c39a325f32407a20c4efb6e_JaffaCakes118
-
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer, commonly described as written in Visual Basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
Reads Outlook account profile data from the registry (the Office Outlook\Profiles keys or the Windows Messaging Subsystem\Profiles key), consistent with mail-credential harvesting.
-
Looks up external IP address via web service
Contacts a legitimate public IP-lookup service to learn the infected system's external IP address, a common step before reporting in or exfiltrating.
-
Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the step that redirects execution in process hollowing and similar injection. Debuggers use the same call legitimately, so weigh it together with a suspended CreateProcess and WriteProcessMemory into the same target rather than on its own.
-
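The three behavioral signatures above (Outlook profile access, external IP lookup, SetThreadContext) can be reproduced as simple rules over a sandbox API trace. The following is an added example written for this page, not the sandbox's own rule engine: it parses a constructed trace in a made-up `pid|api|key=value` format, flags the two registry and network indicators, and fires the SetThreadContext rule only when it completes a hollowing sequence (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory into that child, then SetThreadContext), so a lone debugger-style SetThreadContext stays quiet. The host list, the trace lines and the RegAsm.exe target are illustrative assumptions; the registry paths are Outlook's real profile locations.

```python
"""Toy re-implementation of three signatures from this report, run over a
constructed API trace. Example code for this page, not the sandbox's rules."""
import re
from collections import defaultdict

# Public "what is my IP" services commonly contacted by stealers.
# Illustrative list (assumption), extend it from your own telemetry.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io",
    "ip-api.com", "checkip.amazonaws.com", "ifconfig.me", "ipecho.net",
}

# Registry locations where Outlook stores account profiles.
OUTLOOK_PROFILE_RE = re.compile(
    r"\\(Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles"
    r"|Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)",
    re.IGNORECASE,
)

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# Constructed trace (not captured from the real sample): "pid|api|k=v;k=v".
SAMPLE_TRACE = """\
1234|RegOpenKeyExW|key=HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook
1234|RegQueryValueExW|key=HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002;value=Email
1234|InternetOpenUrlW|url=http://api.ipify.org/
1234|CreateProcessW|image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe;flags=0x4;new_pid=2048
1234|NtUnmapViewOfSection|target_pid=2048
1234|WriteProcessMemory|target_pid=2048;size=0x9c000
1234|SetThreadContext|target_pid=2048
1234|ResumeThread|target_pid=2048
"""

# Constructed benign trace: a debugger-style SetThreadContext with no prior
# suspended child and no remote write must not fire the hollowing rule.
BENIGN_TRACE = """\
4321|SetThreadContext|target_pid=4321
4321|InternetOpenUrlW|url=https://www.microsoft.com/
"""


def parse_trace(text):
    """Parse the constructed trace format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, rest = line.split("|", 2)
        args = dict(kv.split("=", 1) for kv in rest.split(";") if kv)
        events.append({"pid": int(pid), "api": api, "args": args})
    return events


def host_of(url):
    """Extract the lower-cased host part of a URL ('' if none)."""
    m = re.match(r"[a-z]+://([^/:]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def match_signatures(events):
    """Return {signature name: [evidence, ...]} for the events that fired."""
    hits = defaultdict(list)
    stages = defaultdict(set)  # target pid -> hollowing stages seen so far
    for ev in events:
        api, args = ev["api"], ev["args"]
        if api in ("RegOpenKeyExW", "RegQueryValueExW") and \
                OUTLOOK_PROFILE_RE.search(args.get("key", "")):
            hits["Accesses Microsoft Outlook profiles"].append(args["key"])
        if api in ("InternetOpenUrlW", "HttpOpenRequestW", "WinHttpConnect"):
            host = host_of(args.get("url", ""))
            if host in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].append(host)
        # Hollowing state machine: suspended child -> remote write -> context swap.
        if api == "CreateProcessW" and int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
            stages[int(args["new_pid"])].add("suspended")
        elif api == "WriteProcessMemory":
            target = int(args.get("target_pid", -1))
            if "suspended" in stages[target]:
                stages[target].add("written")
        elif api == "SetThreadContext":
            target = int(args.get("target_pid", -1))
            if {"suspended", "written"} <= stages[target]:
                hits["Suspicious use of SetThreadContext"].append(target)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(parse_trace(SAMPLE_TRACE)).items():
        print(f"{name}: {evidence}")
```

The point of the state machine is the caveat noted under the SetThreadContext signature: the call alone is weak evidence, while a suspended child that has been written to and then had its thread context replaced is the hollowing pattern worth alerting on.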