General

  • Target

    ad53a021240c3ca492fc17b70a07f903_JaffaCakes118

  • Size

    816KB

  • Sample

    240615-h94beascme

  • MD5

    ad53a021240c3ca492fc17b70a07f903

  • SHA1

    40cc56db2efcb386b38dd585112fef0145ed8cd4

  • SHA256

    acce79d4cb1c1968e0db0f8e46a0731c48b309c8a2ded437f0067a4547859185

  • SHA512

    4e8f87f756bf7f89b28121ca2d9bba8c54dd66ee7070e336695f6f7fd0a82e083b427154c92426e029407c119f59997aa9c148ab069fbd5dc8841d496636a2a0

  • SSDEEP

    12288:tyJoj7/HdCmQp4j8bxhevPWhc7n/p7XChpl9ZN0raSbwMKIt0p0MI8nntzbhzEeY:tN0emy3eUnxQNSFWfqSntzbhzEe1yib

Malware Config

Targets

    • Target

      ad53a021240c3ca492fc17b70a07f903_JaffaCakes118

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive items.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks