General
- Target: JaffaCakes118_8bbe66fe1aa1c26e2ef7b4d752998d3a
- Size: 484KB
- Sample: 250108-fagbgsvjew
- MD5: 8bbe66fe1aa1c26e2ef7b4d752998d3a
- SHA1: 8df9097789d3b548c807d5c932c9a530cf1fa1a0
- SHA256: bac1342206103fdc88c4c3ca8b2c30d73e46781d8e40f82f1ea4064547bbb76c
- SHA512: e19fef507bff4b75bce4d6a9ce6e18209cd0d5aa660e89abee2e6daba6e96751c279f2bb6ccd8a265b196a5addb282695f58cf36612ecbd25184d6ad64191a04
- SSDEEP: 12288:0mky6kGLZ6suBxjiBeKa1iwclbx0KjlbnE7N:xxsUxj++1i7l+N
Static task
- static1
Behavioral task
- behavioral1
  - Sample: JaffaCakes118_8bbe66fe1aa1c26e2ef7b4d752998d3a.exe
  - Resource: win7-20241023-en
Behavioral task
- behavioral2
  - Sample: JaffaCakes118_8bbe66fe1aa1c26e2ef7b4d752998d3a.exe
  - Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: smtp.penavico--cz.com
- Port: 587
- Username: [email protected]
- Password: Fq$L%J((!6
Targets
- Target: JaffaCakes118_8bbe66fe1aa1c26e2ef7b4d752998d3a
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext