General

  • Target

    e5b3fc8e7c159b836046b6f657179929_JaffaCakes118

  • Size

    489KB

  • Sample

    240407-ycm6xsce4s

  • MD5

    e5b3fc8e7c159b836046b6f657179929

  • SHA1

    90a8ebb6a71a7b8462cfbf5ff7605bc66297c48e

  • SHA256

    73cefc887f0ab4d9e0269c527c1687e360493926bfb7ccc3a876b4bb19832b85

  • SHA512

    977613bb7d32ea91aaf8c2303ae25dbd2ea9ba18b5ceca68a014af2be261efc3330a6b48a24c7fbbd2f22a602d59af00abf81de37b613971d9f89d6902be3e01

  • SSDEEP

    6144:pqpaDiyDFrvC2uEXmoKpiTQfmlrnKdjkt1V3e+VEdC0cRm7+7nT3wJHWv2EvkWbm:pTDBNKEvKMnKdQPVxEdFcs1Ji7bTG

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.bafaqroup.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    bs%K^dS2

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • AgentTesla payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks