General
- Target: e06eabb5ec39afc9df92a36d9aff7347_JaffaCakes118
- Size: 539KB
- Sample: 240914-sd4meazhjh
- MD5: e06eabb5ec39afc9df92a36d9aff7347
- SHA1: bef2716ea80432f5c196f900d0cf0c06f2449e51
- SHA256: ddce93e04303bababc6a38bc0ee011ac8d55905f9f32d3d2f21fcb31de681dce
- SHA512: 2ce3afd280c014952f1122a54c4b0c8d0045f57f78b3e8f62f4e1ccfd3b8102c893a0f1218b0a26b9365109dba01e88fc89b653b503175f93fc77e35d350123a
- SSDEEP: 12288:egz6hG1y9YgggdiK29lBWd32WlqzSsT/HuiwZdJYzinq6/lT:vggFvBA2hWifqZMiq6/
Static task: static1
Behavioral task: behavioral1
- Sample: e06eabb5ec39afc9df92a36d9aff7347_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: e06eabb5ec39afc9df92a36d9aff7347_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.seroval.com
- Port: 587
- Username: kohl@seroval.com
- Password: 5dB83uEf@Ude
Targets
- Target: e06eabb5ec39afc9df92a36d9aff7347_JaffaCakes118
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)