General
-
Target
8c5abfbafa1f89f3b185991f8034e512_JaffaCakes118
-
Size
955KB
-
Sample
241103-tqmp4a1mak
-
MD5
8c5abfbafa1f89f3b185991f8034e512
-
SHA1
5828921401d69e1c9bf722a8be72336cb4ee8747
-
SHA256
6446aa9e6d05fbf19b8458e5ee6d3f10f9eb5a874c98290712aa7453737b7a8c
-
SHA512
9e4adbbf00a9c29a253031030824aef5e78e6bea8c5c8564c5284d2f8ea4a3ebafcff82fd1f2f2a09693231db1fb9828d9442e7e84e7605503470ea84b60b913
-
SSDEEP
24576:3YJSji6urlYEkG5p40JH1O3PSyQrG1iSaWpySbFh3XSjHnHE:3QHM/S5rYXpyS5h3ijE
Static task
static1
Behavioral task
behavioral1
Sample
8c5abfbafa1f89f3b185991f8034e512_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8c5abfbafa1f89f3b185991f8034e512_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.tanttec.com - Port:
587 - Username:
[email protected] - Password:
fJ#kxSi1
Targets
-
-
Target
8c5abfbafa1f89f3b185991f8034e512_JaffaCakes118
-
Size
955KB
-
MD5
8c5abfbafa1f89f3b185991f8034e512
-
SHA1
5828921401d69e1c9bf722a8be72336cb4ee8747
-
SHA256
6446aa9e6d05fbf19b8458e5ee6d3f10f9eb5a874c98290712aa7453737b7a8c
-
SHA512
9e4adbbf00a9c29a253031030824aef5e78e6bea8c5c8564c5284d2f8ea4a3ebafcff82fd1f2f2a09693231db1fb9828d9442e7e84e7605503470ea84b60b913
-
SSDEEP
24576:3YJSji6urlYEkG5p40JH1O3PSyQrG1iSaWpySbFh3XSjHnHE:3QHM/S5rYXpyS5h3ijE
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
5Credentials In Files
4Credentials in Registry
1