General
-
Target
b7ec3e3e0f5c3114dc06399434178cb3_JaffaCakes118
-
Size
402KB
-
Sample
240617-lkrg4avdpa
-
MD5
b7ec3e3e0f5c3114dc06399434178cb3
-
SHA1
681b25c5532f809013da67c5f07a5af8ab3c5659
-
SHA256
36bd1b916c5fddc7cab66f5cf0dc406849b3d6eab594c47896475daca4f84766
-
SHA512
483e3b0b076078843c338ae02d414e74b27b06c5e21dbca126a1851b867684565ea4a366db01867d7c3a05f8eff190af9b44faf5f79148741d8947651b144e74
-
SSDEEP
6144:1JZj3XBjlkq27zgxRflcIjGzYwTw0FnCK55UbpPgHhrhP5nq:xzZo7cvflcI+b5ClgHh9
Static task
static1
Behavioral task
behavioral1
Sample
b7ec3e3e0f5c3114dc06399434178cb3_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
b7ec3e3e0f5c3114dc06399434178cb3_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: 66@Xc5120/$/
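The extracted configuration is the most actionable part of this report: the host, port and account are network indicators, and the hard-coded password identifies the drop-box credential the binary uses. The following is an added example (not tria.ge or AgentTesla code) that parses the config both in the run-together form sandboxes often emit and in the cleaned listing, turns it into IOCs, and runs a simple detection over flow records. The flow records and the mail-client allowlist are constructed assumptions for illustration.

```python
"""Parse the AgentTesla SMTP exfiltration config from this report,
derive IOCs and flag matching outbound connections.
Added example; the flows and allowlist below are constructed."""
import re
from dataclasses import dataclass

# The config in the run-together form the sandbox emitted it in ...
CONFIG_FLAT = """Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
66@Xc5120/$/"""

# ... and in cleaned one-field-per-line form. Both must parse identically.
CONFIG_CLEAN = """Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: 66@Xc5120/$/"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password")
# 'Key: value' pairs, optionally joined by ' - ' and split across lines.
# The lookahead stops a value at the next key or at end of text.
_FIELD_RE = re.compile(
    r"(" + "|".join(KEYS) + r"):\s*(.*?)\s*-?\s*(?=(?:" + "|".join(KEYS) + r"):|$)"
)


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Tolerates line breaks and the missing space in 'smtp- Host:'."""
    flat = " ".join(text.split())
    fields = {m.group(1).lower(): m.group(2) for m in _FIELD_RE.finditer(flat)}
    missing = [k.lower() for k in KEYS if k.lower() not in fields]
    if missing:
        raise ValueError(f"config missing fields: {missing}")
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def iocs(cfg: SmtpExfilConfig) -> dict:
    """Network-level indicators. The account is a third-party mailbox used
    as a drop box; the password is embedded in the binary, so it is an
    indicator in its own right (report it to the provider, do not use it)."""
    return {
        "dst_host": cfg.host,
        "dst_port": cfg.port,
        "protocol": cfg.protocol,
        "exfil_account": cfg.username,
    }


# Constructed flow records: (timestamp, src_ip, process, dst_host, dst_port).
SAMPLE_FLOWS = [
    ("2024-06-17T10:02:11Z", "10.0.5.21", "outlook.exe", "smtp.office365.com", 587),
    ("2024-06-17T10:03:40Z", "10.0.5.21", "svchost.exe", "smtp.yandex.ru", 587),
    ("2024-06-17T10:05:02Z", "10.0.5.33", "thunderbird.exe", "smtp.yandex.ru", 587),
    ("2024-06-17T10:06:15Z", "10.0.5.40", "installer.exe", "smtp.yandex.ru", 587),
    ("2024-06-17T10:07:00Z", "10.0.5.40", "chrome.exe", "www.yandex.ru", 443),
]

# Assumed allowlist of legitimate mail clients; tune to the environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def detect(flows, cfg: SmtpExfilConfig, allow=MAIL_CLIENTS):
    """Flag SMTP-submission connections to the configured drop host from
    any process that is not a known mail client. A real mail client
    talking to the same host is left alone here; it may still warrant
    a look if the organisation does not use that provider."""
    hits = []
    for ts, src, proc, host, port in flows:
        if host.lower() == cfg.host and port == cfg.port and proc.lower() not in allow:
            hits.append({"ts": ts, "src": src, "process": proc})
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_FLAT)
    assert cfg == parse_config(CONFIG_CLEAN)
    print(iocs(cfg))
    for hit in detect(SAMPLE_FLOWS, cfg):
        print("ALERT", hit)
```

The process-based allowlist is deliberately narrow: AgentTesla runs its payload inside another process (the SetThreadContext signature below is consistent with that), so the connecting process name will often be a legitimate-looking host binary rather than the dropped executable, and matching on destination host and port is the more reliable part of the rule.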
Targets
-
-
Target
b7ec3e3e0f5c3114dc06399434178cb3_JaffaCakes118
-
Size
402KB
-
MD5
b7ec3e3e0f5c3114dc06399434178cb3
-
SHA1
681b25c5532f809013da67c5f07a5af8ab3c5659
-
SHA256
36bd1b916c5fddc7cab66f5cf0dc406849b3d6eab594c47896475daca4f84766
-
SHA512
483e3b0b076078843c338ae02d414e74b27b06c5e21dbca126a1851b867684565ea4a366db01867d7c3a05f8eff190af9b44faf5f79148741d8947651b144e74
-
SSDEEP
6144:1JZj3XBjlkq27zgxRflcIjGzYwTw0FnCK55UbpPgHhrhP5nq:xzZo7cvflcI+b5ClgHh9
-
AgentTesla
Agent Tesla is a .NET-based (C#/VB.NET) remote access tool (RAT) and information stealer; the configuration extracted from this sample exfiltrates over SMTP.
-
AgentTesla payload
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up the country code configured in the registry, likely to geofence execution to or away from particular regions.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-