General
-
Target
f22912cbc0d7b2505bae8bf268cc2e66_JaffaCakes118
-
Size
785KB
-
Sample
240922-rd4fzatapk
-
MD5
f22912cbc0d7b2505bae8bf268cc2e66
-
SHA1
16cec5347a8753d861681f300355668b5115db41
-
SHA256
f7c5429a185569e355d9ee8597eac5d75e6079fd91713e77ec2af675fe9b7f1f
-
SHA512
f8000bca1d470d68ba4d31ae61c80e6e50a8ec897156be82f4bcf024425235dd2a2f4427d4df52b1c24b669994d60e81ad331b73ad7f000d26e02cf0d620960c
-
SSDEEP
12288:tYV6MorX7qzuC3QHO9FQVHPF51jgcTy6SikT5KzoSsD2mSfYwI/RtNdMKrDi6:CBXu9HGaVHW6drzzu/p/RtNdXF
Behavioral task
behavioral1
Sample
f22912cbc0d7b2505bae8bf268cc2e66_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
f22912cbc0d7b2505bae8bf268cc2e66_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.
-
Drops startup file
-
Unsecured Credentials: Credentials In Files
Steals credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext