General
-
Target
bc8c9c47fbc12ecf67d1d2db3945475c_JaffaCakes118
-
Size
928KB
-
Sample
240618-sb8tcasgmn
-
MD5
bc8c9c47fbc12ecf67d1d2db3945475c
-
SHA1
206b5978993ebe4c257a9fb4d020589468118d44
-
SHA256
1371ed0e3652cdad077d790e54feec632246b2c457ce225a7536b0fb9d4489d7
-
SHA512
3ea78baee9f493de47f5b746525e9e68919bda31654c15acadc18957ecfa50f6193d4bc35db8fdc3d1c46e65b7fe8d38a00dd72b3181f23f0ef48a45182ff1eb
-
SSDEEP
24576:M5/eqDVN7IQhqbY82pVNjEFG1+2zLwfaUm:MVeqx6QhqYXtEFdA
Static task
static1
Behavioral task
behavioral1
Sample
bc8c9c47fbc12ecf67d1d2db3945475c_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
bc8c9c47fbc12ecf67d1d2db3945475c_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
kissme4eva
Targets
-
-
Target
bc8c9c47fbc12ecf67d1d2db3945475c_JaffaCakes118
-
Size
928KB
-
MD5
bc8c9c47fbc12ecf67d1d2db3945475c
-
SHA1
206b5978993ebe4c257a9fb4d020589468118d44
-
SHA256
1371ed0e3652cdad077d790e54feec632246b2c457ce225a7536b0fb9d4489d7
-
SHA512
3ea78baee9f493de47f5b746525e9e68919bda31654c15acadc18957ecfa50f6193d4bc35db8fdc3d1c46e65b7fe8d38a00dd72b3181f23f0ef48a45182ff1eb
-
SSDEEP
24576:M5/eqDVN7IQhqbY82pVNjEFG1+2zLwfaUm:MVeqx6QhqYXtEFdA
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-