General
- Target: f02bd49ed33a2243d71bb1bbe592f39b_JaffaCakes118
- Size: 1.0MB
- Sample: 240921-trt6ka1hqq
- MD5: f02bd49ed33a2243d71bb1bbe592f39b
- SHA1: bb186421c86cf6d10460fceb687be810f8e30e14
- SHA256: c679ad5f23eff3fe9fbe5e40b07df9b8ecd4804b5f4330c34a4d25d457e3dffa
- SHA512: 5c43d4c0c8edd8ee9761a5f13eb50c729c5603a61d0dc741d9ba51d94965711687ee3b77f656998f93105885f53b747670ea2e7402367e73037277bb2a55ae65
- SSDEEP: 12288:tomgp5yj6jRPLjRPqjBjjyjBjBjBjBjLjcDnrfQPOULRVKKsi/3fXNVSAFH2W/IF:9Lro2M8PK3f9VXlR/I9hsC5
Static task: static1
Behavioral task: behavioral1
- Sample: f02bd49ed33a2243d71bb1bbe592f39b_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: [email protected]
- Password: Blessings@12345
Targets
- Target: f02bd49ed33a2243d71bb1bbe592f39b_JaffaCakes118
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Suspicious use of SetThreadContext