General

Target: ad53a021240c3ca492fc17b70a07f903_JaffaCakes118
Size: 816KB
Sample: 240615-h94beascme
MD5: ad53a021240c3ca492fc17b70a07f903
SHA1: 40cc56db2efcb386b38dd585112fef0145ed8cd4
SHA256: acce79d4cb1c1968e0db0f8e46a0731c48b309c8a2ded437f0067a4547859185
SHA512: 4e8f87f756bf7f89b28121ca2d9bba8c54dd66ee7070e336695f6f7fd0a82e083b427154c92426e029407c119f59997aa9c148ab069fbd5dc8841d496636a2a0
SSDEEP: 12288:tyJoj7/HdCmQp4j8bxhevPWhc7n/p7XChpl9ZN0raSbwMKIt0p0MI8nntzbhzEeY:tN0emy3eUnxQNSFWfqSntzbhzEe1yib
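Before spending time on a sample that is supposed to be the one above, confirm that the file on disk has these exact digests. The following is an added example written for this page, not code from the sandbox service: it parses the flattened "key line / value line / '-' separator" layout used by this report (reproduced inline as a constant so the script runs offline), hashes a file once for all four algorithms, and reports any digest that disagrees. SSDEEP is a fuzzy hash that the standard library cannot compute, so it is parsed but not compared.

```python
"""Confirm a local file is the sample this report describes.

Added example for this page, not code from the sandbox service. REPORT_TEXT
reproduces the General section above as a constant so the script runs
offline; parse_report() understands that flattened "key line / value line /
'-' separator" layout. SSDEEP is a fuzzy hash that the standard library
cannot compute, so it is parsed but not compared.
"""
import hashlib
import io
import sys

REPORT_TEXT = """\
General
-
Target
ad53a021240c3ca492fc17b70a07f903_JaffaCakes118
-
Size
816KB
-
MD5
ad53a021240c3ca492fc17b70a07f903
-
SHA1
40cc56db2efcb386b38dd585112fef0145ed8cd4
-
SHA256
acce79d4cb1c1968e0db0f8e46a0731c48b309c8a2ded437f0067a4547859185
-
SHA512
4e8f87f756bf7f89b28121ca2d9bba8c54dd66ee7070e336695f6f7fd0a82e083b427154c92426e029407c119f59997aa9c148ab069fbd5dc8841d496636a2a0
-
SSDEEP
12288:tyJoj7/HdCmQp4j8bxhevPWhc7n/p7XChpl9ZN0raSbwMKIt0p0MI8nntzbhzEeY:tN0emy3eUnxQNSFWfqSntzbhzEe1yib
"""

# report label -> hashlib constructor name
HASH_ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
KNOWN_KEYS = set(HASH_ALGOS) | {"Target", "Size", "Sample", "SSDEEP"}


def parse_report(text):
    """Return {key: value} from the flattened listing.

    A known key is always followed by its value on the next line; '-'
    separators and section headings such as 'General' are skipped.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    fields = {}
    i = 0
    while i < len(lines):
        if lines[i] in KNOWN_KEYS and i + 1 < len(lines):
            fields[lines[i]] = lines[i + 1]
            i += 2
        else:
            i += 1  # heading or unknown label: no value line of its own
    return fields


def hash_stream(fh, chunk_size=1 << 20):
    """Read the stream once and return every digest the report lists."""
    hashers = {label: hashlib.new(name) for label, name in HASH_ALGOS.items()}
    for block in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {label: h.hexdigest() for label, h in hashers.items()}


def hash_bytes(data):
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def mismatches(expected, actual):
    """Labels of digests present in the report that differ from the file's.

    Comparison is case-insensitive; any single mismatch means the file on
    disk is not the one the report analysed (or it was altered in transit).
    """
    return sorted(label for label in HASH_ALGOS
                  if label in expected and expected[label].lower() != actual[label].lower())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} <sample path>")
    report = parse_report(REPORT_TEXT)
    bad = mismatches(report, hash_file(sys.argv[1]))
    if bad:
        sys.exit(f"NOT the reported sample; mismatched: {', '.join(bad)}")
    print(f"match: {report['Target']} ({report['Size']}) SHA256 {report['SHA256']}")
```

Run it as `python verify_sample.py ad53a021240c3ca492fc17b70a07f903_JaffaCakes118.exe`; a non-zero exit with the list of mismatched algorithms means you are holding a different file (or a renamed or repacked copy) and none of the behavioural findings below can be assumed to apply to it.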
Static task: static1

Behavioral task: behavioral1
Sample: ad53a021240c3ca492fc17b70a07f903_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: ad53a021240c3ca492fc17b70a07f903_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
(none listed on this page)

Targets

Target: ad53a021240c3ca492fc17b70a07f903_JaffaCakes118
Size: 816KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values in the General section above
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer written in Visual Basic.

AgentTesla payload

Accesses Microsoft Outlook profiles
Reads the Outlook profile data in which saved mail account credentials are kept; consistent with the credential-theft behaviour of this family.

Adds Run key to start application
Persistence through a CurrentVersion\Run registry value so the sample is relaunched at logon. The report does not show the value name or the path it points to.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. On its own the request looks benign, so treat it as a weak indicator unless it is seen together with the other behaviours listed here.

Suspicious use of SetThreadContext
Typical of process injection that redirects a suspended thread's execution into a second process (for example process hollowing), which is how this family commonly runs its final payload.
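The "Adds Run key" signature only tells you that a startup value was written, not where it points. The following added example (mine, not the sandbox's and not derived from this sample's registry writes, which the report does not show) is the check a responder would run on a host: enumerate the Run and RunOnce values and flag those that launch from a user-writable directory or through a script host. The entries in SAMPLE_ENTRIES are constructed for illustration; on Windows enumerate_run_keys() reads the live keys instead.

```python
"""Triage Run-key persistence entries like the one this report flags.

Added example, not part of the sandbox report. The report says the sample
adds a Run key but does not show the value name or the path it points to,
so SAMPLE_ENTRIES below are constructed for illustration. On Windows,
enumerate_run_keys() reads the live keys; on other platforms it returns []
and you can feed triage() entries exported with reg.exe instead.
"""
import ntpath
import re

RUN_SUBKEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
)

# Path fragments a non-admin user can write to; user-mode persistence that
# drops its own copy launches from one of these far more often than not.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\",
                 "\\users\\public\\", "\\programdata\\", "\\downloads\\")

# Script hosts and proxy binaries that legitimate startup entries rarely use.
LAUNCHERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
             "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# Constructed entries (hive, subkey, value name, value data). OneDrive is
# included deliberately: it legitimately runs from AppData\Local, which is
# why a path heuristic needs an allowlist or signature check behind it.
SAMPLE_ENTRIES = [
    ("HKLM", RUN_SUBKEYS[0], "SecurityHealth",
     r'"C:\Windows\System32\SecurityHealthSystray.exe"'),
    ("HKCU", RUN_SUBKEYS[0], "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("HKCU", RUN_SUBKEYS[0], "WindowsUpdate",
     r"C:\Users\alice\AppData\Roaming\svchost.exe"),
    ("HKCU", RUN_SUBKEYS[1], "Loader",
     r'wscript.exe //B "C:\Users\alice\AppData\Local\Temp\run.vbs"'),
]


def executable_of(command):
    """Program path from a Run value: the quoted token, else up to '.exe'."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def triage(entries):
    """Return the entries worth a second look, each with its reasons."""
    findings = []
    for hive, subkey, name, data in entries:
        exe = executable_of(data).lower().replace("/", "\\")
        reasons = []
        if any(frag in exe for frag in USER_WRITABLE):
            reasons.append("launches from a user-writable directory")
        if ntpath.basename(exe) in LAUNCHERS:
            reasons.append("script host or proxy binary used as launcher")
        if reasons:
            findings.append({"key": hive + "\\" + subkey, "name": name,
                             "command": data, "reasons": reasons})
    return findings


def enumerate_run_keys():
    """Live Run/RunOnce values from HKCU and HKLM; [] when not on Windows."""
    try:
        import winreg
    except ImportError:
        return []
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    entries = []
    for hive, root in hives.items():
        for subkey in RUN_SUBKEYS:
            try:
                key = winreg.OpenKey(root, subkey)
            except OSError:
                continue
            with key:
                index = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, index)
                    except OSError:
                        break  # no more values under this key
                    entries.append((hive, subkey, name, str(data)))
                    index += 1
    return entries


if __name__ == "__main__":
    live = enumerate_run_keys()
    for f in triage(live or SAMPLE_ENTRIES):
        print(f"{f['key']}\\{f['name']}: {f['command']}")
        for reason in f["reasons"]:
            print("   -", reason)
```

Against the constructed entries the script flags OneDrive, WindowsUpdate and Loader and leaves the System32 entry alone; the OneDrive hit is the expected false positive, which is why the output is a review list rather than a verdict. On a 64-bit host with a 32-bit Python, HKLM lookups land in the WOW6432Node view, so check both views (or run with a 64-bit interpreter) before concluding that a key is clean.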