Overview

overview

10

Static

static

3

JaffaCakes...9f.exe

windows10-2004-x64

10

JaffaCakes...9f.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_d0bfe83ba7349d6823585dadc521fd9f

  • Size

    39KB

  • Sample

    250423-da5yqsylt2

  • MD5

    d0bfe83ba7349d6823585dadc521fd9f

  • SHA1

    b91c5b421e7732646bc8605f0c2bdf24142cf531

  • SHA256

    94d0424230c530aeb45ebfd0e9e27017e72d4fbb2aec516c5fdf6a70beb6258d

  • SHA512

    de0eb5f52a5de1cd571098c1706221a89a658790394710562efa8c1a630ca520ed49e59cbe1e3cb73b8f2e14f5305e16babbba0fdc66b06c1584ec22f6e4d720

  • SSDEEP

    384:v8Zirz04kYcm5oRVPUn30CNvkD28bhA1xZUtO4f54A:vJi+5uVPUn30ev+HbhO4f54A

Score
10/10
agenttesladiscoverykeyloggerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      JaffaCakes118_d0bfe83ba7349d6823585dadc521fd9f

    • Size

      39KB

    • MD5

      d0bfe83ba7349d6823585dadc521fd9f

    • SHA1

      b91c5b421e7732646bc8605f0c2bdf24142cf531

    • SHA256

      94d0424230c530aeb45ebfd0e9e27017e72d4fbb2aec516c5fdf6a70beb6258d

    • SHA512

      de0eb5f52a5de1cd571098c1706221a89a658790394710562efa8c1a630ca520ed49e59cbe1e3cb73b8f2e14f5305e16babbba0fdc66b06c1584ec22f6e4d720

    • SSDEEP

      384:v8Zirz04kYcm5oRVPUn30CNvkD28bhA1xZUtO4f54A:vJi+5uVPUn30ev+HbhO4f54A

    Score
    10/10
    agenttesladiscoverykeyloggerpersistencespywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Tasks