Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
da65062d01358edbdfda7e0642b135b8_JaffaCakes118
-
Size
574KB
-
Sample
240911-p7apms1fpj
-
MD5
da65062d01358edbdfda7e0642b135b8
-
SHA1
107850eb38c82af848622db6821ef95d51be6fe9
-
SHA256
9ec0bfce36093b27ef26fc4cfb265541081bdd2bd6b140a8ceb5ce7c126c432f
-
SHA512
b2e862b44094012351984e028fd4088bb8235bf360cfe04157d7ab3a5b9d78f742d186012a2c2c9e59759c28faecbd710ddd6d96a67228378d2ceff1c724a0e1
-
SSDEEP
6144:x7M1KWv3ZoBdO1eLpsDnM5zAOdaIR5PlTt8bbOugEEnRUkd6jX2JPxcYEUO:x7M1KY3mICzrPlpnUAPxc2
Static task
static1
Behavioral task
behavioral1
Sample
da65062d01358edbdfda7e0642b135b8_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
da65062d01358edbdfda7e0642b135b8_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
Blessed000@
Targets
-
-
Target
da65062d01358edbdfda7e0642b135b8_JaffaCakes118
-
Size
574KB
-
MD5
da65062d01358edbdfda7e0642b135b8
-
SHA1
107850eb38c82af848622db6821ef95d51be6fe9
-
SHA256
9ec0bfce36093b27ef26fc4cfb265541081bdd2bd6b140a8ceb5ce7c126c432f
-
SHA512
b2e862b44094012351984e028fd4088bb8235bf360cfe04157d7ab3a5b9d78f742d186012a2c2c9e59759c28faecbd710ddd6d96a67228378d2ceff1c724a0e1
-
SSDEEP
6144:x7M1KWv3ZoBdO1eLpsDnM5zAOdaIR5PlTt8bbOugEEnRUkd6jX2JPxcYEUO:x7M1KY3mICzrPlpnUAPxc2
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-