General

  • Target

    e5b9b74eebb668057efbc291ba737833_JaffaCakes118

  • Size

    619KB

  • Sample

    240407-yk7kjadc53

  • MD5

    e5b9b74eebb668057efbc291ba737833

  • SHA1

    f9a0d97699b87ec7e7b510da48368ebffb5c1aa4

  • SHA256

    577dec5b1c3f42aec4b810355f14d307ee665979f89f3b1fec1ef8a854ca5bf4

  • SHA512

    6320001a328efb37c02e5b8dd188b421233af446515c321e2afe7a7e1acaed3d83c62bbf32fa123846c775427674035880495724b802565677fb1e60caaec908

  • SSDEEP

    12288:9IOc8oTDQhvBHYQjlbtavkc/seNi3nlYrqy/u0:fdYQje8c/NalYrTm

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @Mexico1.,

Targets

    • Target

      e5b9b74eebb668057efbc291ba737833_JaffaCakes118

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks