General

  • Target

    1f68adffbf66a64fc351fbc3fba34e32_JaffaCakes118

  • Size

    45KB

  • Sample

    241008-ebhp9sxdmj

  • MD5

    1f68adffbf66a64fc351fbc3fba34e32

  • SHA1

    fef394ad887006a63f432de88b54d2949dc7b5d9

  • SHA256

    adecdd10277b7b26fffa3abf27b89b5867a6ddbed9f4bd88b335203c146b5f1e

  • SHA512

    6314d48bde39798fce59be6395f2e5aa70edc09fe42e8d8d3f832c61e8eae4904ef03557cd5f11a43f6b6cee1bcf1af88ab9323ef1fb54c6ac2bf1446e3219d8

  • SSDEEP

    384:xp4eMlp2Cz0jpqWnBGJhMYbVBnQwxVfzd4zfVPmpzCA44oSduhp/4oHxZUtO4f5x:rZu2fGnDbVBrxVGWud4PQ9Vd4f54A

Malware Config

Targets


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks