General
Target: f273f94233e9a6c880fb64abec8a0e72_JaffaCakes118
Size: 715KB
Sample: 240922-vnxmyszhqq
MD5: f273f94233e9a6c880fb64abec8a0e72
SHA1: d77afa63550b8ee5850ca4426afa9c3ea50c2fdd
SHA256: 3edccf5383c7a7cac49e3908ca28a619071df60959a7d59be96e714e0d69e30f
SHA512: cb8dc22224a29ba81ba48877de2d3d4d27f3fd98cd45d608a3bb5284cc6c03a5afa68928aa14855eb4ab7d6e7d1b9c1158bc46c890e66f74a2a03d1e372df375
SSDEEP: 12288:ToWlkPkNxk27FFoh5DIJASCz0/6Aqf1c+mDxD9d8T4/E9ongp5Vz2CsfsgvFLbJn:Tw0FcDiJ20/
Static task: static1
Behavioral task: behavioral1
Sample: f273f94233e9a6c880fb64abec8a0e72_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: f273f94233e9a6c880fb64abec8a0e72_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: f273f94233e9a6c880fb64abec8a0e72_JaffaCakes118 (size 715KB; hashes identical to the General section above)
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, commonly described as written in Visual Basic (.NET). This family match is what the behaviours below are attributed to.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
-
Unsecured Credentials: Credentials In Files
Steals credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
Reads Microsoft Outlook profile data in the registry, where saved mail account settings live.
-
Adds Run key to start application
Writes a value under a Run key (HKCU or HKLM ...\Software\Microsoft\Windows\CurrentVersion\Run) so the payload is relaunched at logon.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. The service itself is benign, so this request is an indicator only in combination with the other behaviours.
-
Suspicious use of SetThreadContext
Setting the thread context of another, typically suspended, process is the usual final step of process hollowing or thread hijacking; the sandbox observes this at the API level.
-
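The behaviours listed above, turned into a host-side triage rule as an added example (this is not Tria.ge's signature code and not code from the sample): constructed, vendor-neutral telemetry events are matched against Run-key persistence, browser credential store reads, Outlook profile reads and external IP lookups, and an acting image is flagged only when several of these co-occur. The event schema, the lab file paths, the lookup-service list and the minimum-indicator threshold are assumptions.

```python
"""
Detection pass over host telemetry for the behaviours this report lists.
Added example with a constructed event schema; not Tria.ge's signature code.
"""
import re
from collections import defaultdict

# Assumption: the sample's on-disk path in the lab; not taken from the report.
SAMPLE = r"C:\Users\lab\f273f94233e9a6c880fb64abec8a0e72_JaffaCakes118.exe"

# Constructed events in a simplified shape: "type", the acting "image" and a
# "target" (registry key, file path or DNS name). Not captured from a real infection.
EVENTS = [
    {"type": "registry_set", "image": SAMPLE,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdater"},
    {"type": "file_read", "image": SAMPLE,
     "target": r"C:\Users\lab\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "image": SAMPLE,
     "target": r"C:\Users\lab\AppData\Roaming\Mozilla\Firefox\Profiles\k2x.default\logins.json"},
    {"type": "registry_query", "image": SAMPLE,
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "dns_query", "image": SAMPLE, "target": "checkip.dyndns.org"},
    # Benign noise that a naive single-indicator rule would flag.
    {"type": "file_read", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\lab\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "registry_set", "image": r"C:\Users\lab\Downloads\setup.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SomeTool"},
]

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
BROWSER_STORE = re.compile(r"\\(Login Data|logins\.json|key4\.db|signons\.sqlite)$", re.I)
# Outlook 2013+ keeps profiles under Office\<ver>\Outlook; older versions under
# Windows Messaging Subsystem.
OUTLOOK_PROFILES = re.compile(
    r"\\Software\\Microsoft\\(Office\\\d+\.\d+\\Outlook|Windows NT\\CurrentVersion\\Windows Messaging Subsystem)\\Profiles(\\|$)",
    re.I)
# Assumption: a small list of common lookup services; extend it from your own DNS data.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ip-api.com", "ipinfo.io"}
BROWSER_IMAGES = {"chrome.exe", "firefox.exe", "msedge.exe"}
# The report's SetThreadContext signature is an API-level observation; it is not
# visible in file/registry/DNS telemetry and is deliberately not modelled here.


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Map one event to the report indicator it matches, or None."""
    kind, target = event["type"], event["target"]
    if kind == "registry_set" and RUN_KEY.search(target):
        return "run_key_persistence"
    if kind == "file_read" and BROWSER_STORE.search(target):
        # A browser reading its own store is expected; anything else is not.
        return None if basename(event["image"]) in BROWSER_IMAGES else "browser_credential_store"
    if kind == "registry_query" and OUTLOOK_PROFILES.search(target):
        return "outlook_profiles"
    if kind == "dns_query" and target.lower() in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    return None


def triage(events):
    """Group matched indicators per acting image."""
    hits = defaultdict(set)
    for ev in events:
        ind = classify(ev)
        if ind:
            hits[ev["image"]].add(ind)
    return dict(hits)


def flagged(events, min_indicators=3):
    """Images showing at least min_indicators distinct behaviours from the report.
    One indicator alone is weak (installers write Run keys); the combination
    of persistence, credential store access and IP lookup is what characterises
    this sample."""
    return sorted(img for img, inds in triage(events).items() if len(inds) >= min_indicators)


if __name__ == "__main__":
    for img, inds in triage(EVENTS).items():
        print(img, sorted(inds))
    print("flagged:", flagged(EVENTS))
```

Run against real telemetry, the same logic would be fed by registry-set, file-access and DNS events from your EDR or Sysmon pipeline; the threshold of three co-occurring indicators is a starting point to tune, not a fixed rule.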
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (T1547): 1 signature
Registry Run Keys / Startup Folder (T1547.001): 1 signature