General

  • Target

    45bb98eb146b6574312d7039ada6f45b_JaffaCakes118

  • Size

    237KB

  • Sample

    240515-mf433adb87

  • MD5

    45bb98eb146b6574312d7039ada6f45b

  • SHA1

    38d288283dc016531e1de6562ea966b2767d8c1d

  • SHA256

    cd082656e4b580ec878d38b63063a7e6ebf66c717cbd3ddc2698c6d83d947591

  • SHA512

    39057b3408193ba4c3fc56e7e45a5241fc5e0f132506c3f4f725cfb1cec19760583a0ec764d473132aa78c4e28d208ce3e02b55ca62fc8f671c51004ea14ee43

  • SSDEEP

    6144:Z/fKKMBYP56jGUBKalSEVHc84dWVnfXMlG4LMHlDKY:Z/kBuoGU5lrBc84FlGUuGY

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: smtpout.asia.secureserver.net
  • Port: 587
  • Username: [email protected]
  • Password: karthic@2018

Targets

    • Target

      Purchase Order PDF.exe

    • Size

      384KB

    • MD5

      71edac346c7e4d2ec02bc3bc8ed49b76

    • SHA1

      cddf3516221ce5e2c90ccd01138014cebe6e1ab1

    • SHA256

      1149d0171a4735349faa99e3665b1eb2d441f7b806d229ca527275098f179832

    • SHA512

      80a6f42db76eb027ca582f276d61e1199d4af546f16bc2dd2a0039aaf815513e1cbd54fcf457db53125e47fd277c7a772e0889f30d97abee128f47a05285d8d6

    • SSDEEP

      6144:QNfDbe7yaR7i6bDMKnJ8JH91bVP4VsG1p1Gii4CPN4X3gHckkKCrx+z:Cb/d8xwP4VsG1LnFyN4X4+x+

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15