General
-
Target
634a12870609d73ab9876c0ca4c0e2df_JaffaCakes118
-
Size
1002KB
-
Sample
240521-pmpcasdf69
-
MD5
634a12870609d73ab9876c0ca4c0e2df
-
SHA1
57390ccda4f5acca4f213bf338765c2b8f2edc7e
-
SHA256
410613b8d865db2ee3affda9d5dd55a76b4504ed3b75a7718db50932f9c0e6f1
-
SHA512
1d124d283cfbe9f310fcd768f81e2e61adf7882e4666410ca8ee0237591d4b90af8af571fee11a224fcd31de44c7d61916ff0d2c21eb50958d4ce04952c74bf6
-
SSDEEP
12288:1V9EljRguNSvH8arcHOINJosw6ncnAsG3EM2FdWaZnUNdUpwFarUSlTrTjj4NOQq:eldza8awNionmgQdWaZKdRYPlTnoAB
Malware Config
Targets
-
-
Target
634a12870609d73ab9876c0ca4c0e2df_JaffaCakes118
-
Size
1002KB
-
MD5
634a12870609d73ab9876c0ca4c0e2df
-
SHA1
57390ccda4f5acca4f213bf338765c2b8f2edc7e
-
SHA256
410613b8d865db2ee3affda9d5dd55a76b4504ed3b75a7718db50932f9c0e6f1
-
SHA512
1d124d283cfbe9f310fcd768f81e2e61adf7882e4666410ca8ee0237591d4b90af8af571fee11a224fcd31de44c7d61916ff0d2c21eb50958d4ce04952c74bf6
-
SSDEEP
12288:1V9EljRguNSvH8arcHOINJosw6ncnAsG3EM2FdWaZnUNdUpwFarUSlTrTjj4NOQq:eldza8awNionmgQdWaZKdRYPlTnoAB
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-