General
-
Target
be6f7a9f9c1b036c8b400f9427bfb92b_JaffaCakes118
-
Size
701KB
-
Sample
240824-mw6ltsybjm
-
MD5
be6f7a9f9c1b036c8b400f9427bfb92b
-
SHA1
a18ea6e155bf1631785daa44dddc9833e77ec117
-
SHA256
e01a1498ddba0f00d2dc072ab76c9949f2e491ba71dd14594e16e90f5e04f551
-
SHA512
a0867b6ee714452008632fbeded3aaf30b8ad400f79252257c9ee63938bec274f6b8fb6de020541f22e61b4ad62fd789ecceb5030cbf27a1a436f0dbeca0c494
-
SSDEEP
12288:zCTtal4rVtx79YUWaoLWTT2i4n/dHulz6RjzON+u3TbSBTqyF:zCTtamVtt9YUWri4/dHuo3C+MTZyF
Malware Config
Targets
-
-
Target
be6f7a9f9c1b036c8b400f9427bfb92b_JaffaCakes118
-
Size
701KB
-
MD5
be6f7a9f9c1b036c8b400f9427bfb92b
-
SHA1
a18ea6e155bf1631785daa44dddc9833e77ec117
-
SHA256
e01a1498ddba0f00d2dc072ab76c9949f2e491ba71dd14594e16e90f5e04f551
-
SHA512
a0867b6ee714452008632fbeded3aaf30b8ad400f79252257c9ee63938bec274f6b8fb6de020541f22e61b4ad62fd789ecceb5030cbf27a1a436f0dbeca0c494
-
SSDEEP
12288:zCTtal4rVtx79YUWaoLWTT2i4n/dHulz6RjzON+u3TbSBTqyF:zCTtamVtt9YUWri4/dHuo3C+MTZyF
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
5Credentials In Files
4Credentials in Registry
1