General

Target: e57f9a304c3b06d60f00007e6412978a_JaffaCakes118
Size: 650KB
Sample: 240916-yr3j6axclc
MD5: e57f9a304c3b06d60f00007e6412978a
SHA1: fe73bf73c15a4274917724969b39eedaac3dc54c
SHA256: eb05365a45080a0ee40aa03ac166b7d3f47d4f86bdd37427ba754be5aaee6aae
SHA512: 95b6e654ddf6e05d380969a98810e9aef629d95b2f5608ea9bfd8b73ebdf25c76076e24a100dd70e797f94ed5607a30781ca24b53410f46c4dd01671a206b4ef
SSDEEP: 12288:6Qbhex2teM2Lfzpl6+fcZfcNp3nCoKza52MYSnbbOzhz:Xh1n2Ltlpm+x/K252MYSnvOR
Static task: static1

Behavioral task: behavioral1
Sample: e57f9a304c3b06d60f00007e6412978a_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: e57f9a304c3b06d60f00007e6412978a_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config

Targets

Target: e57f9a304c3b06d60f00007e6412978a_JaffaCakes118
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Credentials from Password Stores: Credentials from Web Browsers: malicious access or copy of a web browser credential store.
- Unsecured Credentials: Credentials In Files: steal credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Privilege Escalation: Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)