General
-
Target
ab87fbbe5f73895c1fd602cdf3624919_JaffaCakes118
-
Size
926KB
-
Sample
240819-srcqva1grf
-
MD5
ab87fbbe5f73895c1fd602cdf3624919
-
SHA1
481e7876d9f469328b44912918991764e609ca38
-
SHA256
1fa764af51001e20f5b7967f6643e489d0c953bc09a3d710987f81d5a0c5afc1
-
SHA512
08f316411523fe16dfd44e4369cc66d45e26dfe4b0d0fdcbc868c3ca84c2a250d98a104ffd49286d0835d6a1fc34bdd5925340a64d7297558746f26b1a5f8106
-
SSDEEP
24576:bbflXpntG8/n+d/1gMkJRKCxK46/ZPDxpP+DMaBnGGxYyX:bjVpnbGd/eYCP6xPwDxGGxYE
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.dadupipes.com - Port:
587 - Username:
[email protected] - Password:
Ei&5?wc3%4La
Targets
-
-
Target
BANK REPORT FOR PAYMENT.exe
-
Size
1.4MB
-
MD5
68fe304a73ae0902450e76c4eb4b0633
-
SHA1
14ab17cb587ac00b2beaf5f653834afa609ec7bb
-
SHA256
2adb3891f61ab6b0331e50da04a3cbbfef3a578da513e8360cd567727ed5e790
-
SHA512
f0bf452572f80b8e87f1610dda09214f525110b5cf584e9a805c356873f03b637ca19c58142917d46327f6bf193762aee72acb3d9b3d1e6e6c8cac3ac0165ee8
-
SSDEEP
24576:atb20pkaCqT5TBWgNQ7a9D5RrtASbsLahiwhhDe+Jcd6A:HVg5tQ7a9PtmTwrDeQc5
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops file in Drivers directory
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1