General
-
Target
e4c9b4087c5f5474c58de7848f352d11_JaffaCakes118
-
Size
1.9MB
-
Sample
240916-pvd7asxhkm
-
MD5
e4c9b4087c5f5474c58de7848f352d11
-
SHA1
8056f81b2fabf3dc98202dbd194e73e6e9efc46f
-
SHA256
8343e4d3a3599b845d0a466bf52f0e110100451bf773559a356fc4fc60eeaa54
-
SHA512
7d4a6188768c9dbe5fad97551d3a42a7de09333820710e45ec5d3071871988d8f99546b131f7e993dcf8ce9e3cdca585b0d19740f2eb7f347c6340261e81ffeb
-
SSDEEP
24576:sx6tux8GaXJRc56R83utBsS3/nxJX/4X/otEZ4UJKW1mzLFeCXDMDY4U7:HJuyBsMoRZ4UJKW1mzLFeCXDMDY4U
Static task
static1
Behavioral task
behavioral1
Sample
e4c9b4087c5f5474c58de7848f352d11_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.wowwow.com.sg - Port:
587 - Username:
[email protected] - Password:
$$wow_5405* - Email To:
[email protected]
Targets
-
-
Target
e4c9b4087c5f5474c58de7848f352d11_JaffaCakes118
-
Size
1.9MB
-
MD5
e4c9b4087c5f5474c58de7848f352d11
-
SHA1
8056f81b2fabf3dc98202dbd194e73e6e9efc46f
-
SHA256
8343e4d3a3599b845d0a466bf52f0e110100451bf773559a356fc4fc60eeaa54
-
SHA512
7d4a6188768c9dbe5fad97551d3a42a7de09333820710e45ec5d3071871988d8f99546b131f7e993dcf8ce9e3cdca585b0d19740f2eb7f347c6340261e81ffeb
-
SSDEEP
24576:sx6tux8GaXJRc56R83utBsS3/nxJX/4X/otEZ4UJKW1mzLFeCXDMDY4U7:HJuyBsMoRZ4UJKW1mzLFeCXDMDY4U
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-