General

  • Target

    bc82e85e34abc9e5694549dc5235df1e_JaffaCakes118

  • Size

    412KB

  • Sample

    240618-r6sj6sybkf

  • MD5

    bc82e85e34abc9e5694549dc5235df1e

  • SHA1

    074e325d0907e87adf4fe8ccec600e7cb2ab7736

  • SHA256

    6f5843d4fba7f06fd01a4b08e25295497ba196a5d070138bcc6c4f860d2e01f0

  • SHA512

    87fde58b98e2fa408be73cda556809341d11ce63df64c9579d62c82d51a9fa340eca822d65c3f57d883ada5615c24e2bc99909c7588607ae6acd0206818837ec

  • SSDEEP

    12288:/fdnqvnq2ee9wY6h4bvltbgmudF3tWlbtmYL2Q:dnqvq2nwR4bXqvtWFSQ

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.caterdevice.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    dhh114

Targets

    • Target

      REQUEST FOR PRODUCTS SUPPLY.exe

    • Size

      762KB

    • MD5

      47f363f18aab493da421c6bd96a199c2

    • SHA1

      5586e81bd878e709d449e083febf7ac87496b5f3

    • SHA256

      31e9e7ca798fc5177eb571c001d4d7ae44e141818fa31fb8fe654d44afe3df53

    • SHA512

      f359edde2841c785e7997a3151d060f22f914a767d53961b075ea240ad1e9c0b86a6780f09c5afb9aaaab7e614239830ba222764a6698b0e558c2f4881865dd5

    • SSDEEP

      12288:6iTzYG1w0wODUfB1gomk2UB5LuxZ7f3LeOp8lqW6fTI03NdAA:6iTz/tUf5mkv5KP7fbeOpac33A

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks