General
-
Target
e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118
-
Size
1.3MB
-
Sample
240916-xaew4atdlm
-
MD5
e55fedd6c22acd3a7f5952c827f1dd3c
-
SHA1
0571e0f30bca6b88d569f035097600de639c6a44
-
SHA256
627f8214e9589ca767888fd3a4ad42ad7d0aa1dd422f5006538ed5e422c21f38
-
SHA512
8adb9faf3aae6c0dce6d90af0f64017ce3de698f4a40b7159fba6b6eca5cec40df3e29f56a2a04a65f596028324801c5946df2e5ed176d5659a2e17a2eedce1c
-
SSDEEP
12288:+ALF+FEkNXkH62mgZ6qO23a0c1LD33T38Iu65nDz4o5LePnR1HvH9nc+Hoq:ZsEkNMmB3L4WI15lvKkoq
Static task
static1
Behavioral task
behavioral1
Sample
e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118
-
Size
1.3MB
-
MD5
e55fedd6c22acd3a7f5952c827f1dd3c
-
SHA1
0571e0f30bca6b88d569f035097600de639c6a44
-
SHA256
627f8214e9589ca767888fd3a4ad42ad7d0aa1dd422f5006538ed5e422c21f38
-
SHA512
8adb9faf3aae6c0dce6d90af0f64017ce3de698f4a40b7159fba6b6eca5cec40df3e29f56a2a04a65f596028324801c5946df2e5ed176d5659a2e17a2eedce1c
-
SSDEEP
12288:+ALF+FEkNXkH62mgZ6qO23a0c1LD33T38Iu65nDz4o5LePnR1HvH9nc+Hoq:ZsEkNMmB3L4WI15lvKkoq
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
5Credentials In Files
4Credentials in Registry
1