General
-
Target
dd9d7ed8a5e003fc237ac5fadb609e14_JaffaCakes118
-
Size
500KB
-
Sample
240913-ef1rmstcke
-
MD5
dd9d7ed8a5e003fc237ac5fadb609e14
-
SHA1
9934bc18668c752d883dd0a0c7c9440950f7ac3c
-
SHA256
d64afdc44491ffabe97b8dab039fbecd32ae7a4d31f82238b7081086576fbc39
-
SHA512
08369d3bc1eaffee9eeac5561065b305d0109454e56843f9da73fd17208686d177f0d2883cd8a454fba4e2d0f457002fc312853af41322c64e7b987aaa0da7c8
-
SSDEEP
6144:WyLm2GQcjPWnYXU7DhTI1frzRBsdASBNEZGJW7V42QSj5wObJYWkC:tvYEJI1TlBY9DEZ7V6SCOlGC
Behavioral task
behavioral1
Sample
dd9d7ed8a5e003fc237ac5fadb609e14_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dd9d7ed8a5e003fc237ac5fadb609e14_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
dd9d7ed8a5e003fc237ac5fadb609e14_JaffaCakes118
-
Size
500KB
-
MD5
dd9d7ed8a5e003fc237ac5fadb609e14
-
SHA1
9934bc18668c752d883dd0a0c7c9440950f7ac3c
-
SHA256
d64afdc44491ffabe97b8dab039fbecd32ae7a4d31f82238b7081086576fbc39
-
SHA512
08369d3bc1eaffee9eeac5561065b305d0109454e56843f9da73fd17208686d177f0d2883cd8a454fba4e2d0f457002fc312853af41322c64e7b987aaa0da7c8
-
SSDEEP
6144:WyLm2GQcjPWnYXU7DhTI1frzRBsdASBNEZGJW7V42QSj5wObJYWkC:tvYEJI1TlBY9DEZ7V6SCOlGC
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops startup file
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1