General
Target: ad342090d35285ee22f75c37814d31d5_JaffaCakes118
Size: 436KB
Sample: 240615-hf4p3svepk
MD5: ad342090d35285ee22f75c37814d31d5
SHA1: 8fd3d71dca357f13bcc04963e3feaf99a3c7adef
SHA256: b92d0e306e620dc2f6f39228cdff6e77aa9c871d82ee4f20cb5b3cf736f48093
SHA512: 8d213d42fe07565e7bdce9209440b7659aba1bd97375e7a2bab3c0a853b318d0ea6899c21a4620ace51566fb99418b9991c914cca958d44c4c6b68d7f17ca487
SSDEEP: 12288:2RXSv2zv1gT8r6owluoPXJ8wzK8uQSXKRm7Icj0j5gX:AXl2Ir6owluoPXmwzJuQsNjjAI
Static task: static1
Behavioral task: behavioral1
  Sample: ad342090d35285ee22f75c37814d31d5_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: ad342090d35285ee22f75c37814d31d5_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.gautengelectrical.co.za
Port: 587
Username: [email protected]
Password: *2wo)L6EXH7%
Email To: [email protected]
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext