General
-
Target
83acb115bdb389fd54224ebcdea40b5a_JaffaCakes118
-
Size
1.1MB
-
Sample
241031-z2kyjasjb1
-
MD5
83acb115bdb389fd54224ebcdea40b5a
-
SHA1
b257a64769a1224650de1a73495c37a3009fa736
-
SHA256
e7599bcc08401611fb13d896b65db11c6e0015eda18654ed182486dc04bffc09
-
SHA512
a4a4d1d9e7580ddb1b2aeb9b7ab329020a4cecddde43c9958d1dc524f4fcff41df15e669a58274c1c30b7b0991bd939efd069e0dfd81b1e5b433b33f63fc5727
-
SSDEEP
12288:5IZviOxt2qGUL36hJyp0PoiC/dmqSzGo7kYz9QLrNVd9cFLg2lPO/m3fJ6LfRqV:yBiAGUT6hQgoiC/dmqSzGQz9QPN26
Static task
static1
Behavioral task
behavioral1
Sample
83acb115bdb389fd54224ebcdea40b5a_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
83acb115bdb389fd54224ebcdea40b5a_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.fidautoes.com
Port: 587
Username: [email protected]
Password: kvV!He#1
Targets
-
Target
83acb115bdb389fd54224ebcdea40b5a_JaffaCakes118
-
Size
1.1MB
-
MD5
83acb115bdb389fd54224ebcdea40b5a
-
SHA1
b257a64769a1224650de1a73495c37a3009fa736
-
SHA256
e7599bcc08401611fb13d896b65db11c6e0015eda18654ed182486dc04bffc09
-
SHA512
a4a4d1d9e7580ddb1b2aeb9b7ab329020a4cecddde43c9958d1dc524f4fcff41df15e669a58274c1c30b7b0991bd939efd069e0dfd81b1e5b433b33f63fc5727
-
SSDEEP
12288:5IZviOxt2qGUL36hJyp0PoiC/dmqSzGo7kYz9QLrNVd9cFLg2lPO/m3fJ6LfRqV:yBiAGUT6hQgoiC/dmqSzGQz9QPN26
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Agenttesla family
-
AgentTesla payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Unsecured Credentials: Credentials In Files
Steals credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 5
Credentials In Files: 4
Credentials in Registry: 1