General
-
Target
fca681ab84b7944e25aae8eed810be6a_JaffaCakes118
-
Size
541KB
-
Sample
240928-tge9natgpm
-
MD5
fca681ab84b7944e25aae8eed810be6a
-
SHA1
86a8575356c6fea3a7cd97cb39ceaf9e00208bbb
-
SHA256
5be9a53986e565d11dc80aabb0f4d08eecc2c27a7f7c000710be48017f273032
-
SHA512
4c1727760e9586ee72fa757c341efe6e79a584662d2a6e13d31bb97400f33eaaad0113d6517414e9bb78823bc541077ef5e7cde2ed562ca56777983d7594ee35
-
SSDEEP
12288:nGFJqrEG3BrBW41718C3py/YrVIrg/JRzEQwb:SqQiDW4F1X3pk0Vig/3AQK
Static task
static1
Behavioral task
behavioral1
Sample
fca681ab84b7944e25aae8eed810be6a_JaffaCakes118.exe
Resource
win7-20240729-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.signtradeonline.com - Port:
587 - Username:
[email protected] - Password:
34DOIoQd7HYy
Targets
-
-
Target
fca681ab84b7944e25aae8eed810be6a_JaffaCakes118
-
Size
541KB
-
MD5
fca681ab84b7944e25aae8eed810be6a
-
SHA1
86a8575356c6fea3a7cd97cb39ceaf9e00208bbb
-
SHA256
5be9a53986e565d11dc80aabb0f4d08eecc2c27a7f7c000710be48017f273032
-
SHA512
4c1727760e9586ee72fa757c341efe6e79a584662d2a6e13d31bb97400f33eaaad0113d6517414e9bb78823bc541077ef5e7cde2ed562ca56777983d7594ee35
-
SSDEEP
12288:nGFJqrEG3BrBW41718C3py/YrVIrg/JRzEQwb:SqQiDW4F1X3pk0Vig/3AQK
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-