General

  • Target

    c813b9a6248ac89c0cae88480bc2c200_JaffaCakes118

  • Size

    773KB

  • Sample

    240829-czxszszbkf

  • MD5

    c813b9a6248ac89c0cae88480bc2c200

  • SHA1

    78c6c63d09296d23156c1778a1fbfdf3e2b70450

  • SHA256

    f5a0d64c5abea4b018d6e7063cd865ac1b5bfbcf933d0a00ff1f9526c273ebae

  • SHA512

    a46b8f344e04dbd92f22b00ae9803ef5f411853fb6630aabcbfcbd98fff78973e3ddfeede2f4a5bb3f36fca3b87a2c0598007ae9c113f1506bfbaf5a52e47b00

  • SSDEEP

    12288:AVziVuTB7/hPzX7WoniOY1DU+NNVTBwHdbJNOZI8eOXOfz49pEtHc9423:AYAFlzX7iOz0dBwHdbJNOheO+r4wJON3

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.hybridgroupco.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Obinna123@@@
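The extracted configuration is the exfiltration channel: the stealer mails its loot through SMTP submission (port 587) to the listed host. Because submission is normally wrapped in STARTTLS, content inspection rarely helps; what you can detect is the destination and the process doing the talking. The following is an added example, not part of the sandbox report: it runs the two checks a hunter would write from this config over constructed Sysmon Event ID 3 style records. The `MAIL_CLIENTS` allow-list and the telemetry records are assumptions made for the example.

```python
"""Detection logic for the SMTP exfiltration channel extracted above.

Added example, not part of the sandbox report. It runs offline over
constructed Sysmon-style network-connection records (Event ID 3 fields),
not real telemetry.
"""

# Values copied from the "Malware Config" section of the report.
EXFIL_HOST = "mail.hybridgroupco.com"
EXFIL_PORT = 587

# Processes that legitimately speak SMTP submission from a workstation.
# Assumption for this example; tune to the environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed telemetry; field names mirror Sysmon Event ID 3.
# The second record models the sample's SMTP client running inside an
# injected .NET host rather than under its own file name.
EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Local\Temp\J20012045.exe",
     "DestinationHostname": "mail.hybridgroupco.com", "DestinationPort": 587},
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "DestinationHostname": "smtp.example.org", "DestinationPort": 587},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
]


def classify(event):
    """Return (severity, reason) for one connection record, or None.

    high   : any process reaching the extracted exfil host
    medium : SMTP submission (587) from a process that is not a mail client;
             Agent Tesla sends from whatever process it was injected into,
             so the image name alone is not a safe filter
    """
    image = event["Image"].rsplit("\\", 1)[-1].lower()
    host = event["DestinationHostname"].lower()
    port = int(event["DestinationPort"])
    if host == EXFIL_HOST:
        return ("high", f"{image} connected to known Agent Tesla exfil host {host}:{port}")
    if port == EXFIL_PORT and image not in MAIL_CLIENTS:
        return ("medium", f"non-mail-client {image} used SMTP submission to {host}:{port}")
    return None


def triage(events):
    """All findings, in input order, for a batch of connection records."""
    return [hit for hit in (classify(e) for e in events) if hit]


if __name__ == "__main__":
    for severity, reason in triage(EVENTS):
        print(f"[{severity}] {reason}")
```

The host-match rule is the only one specific to this sample; the port-587 rule is the generic one worth keeping, since the next build will use a different mailbox but the same protocol. Expect to add egress proxies or relay hosts to the allow-list before it is quiet in a real fleet.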

Targets

    • Target

      J20012045.exe

    • Size

      629KB

    • MD5

      9cfac2bf860acb8b144a869bd522d7a7

    • SHA1

      d9338f01b3d32e4bf3065001893a5e4dc718af82

    • SHA256

      1c1c6bfbfeae548e4d7bb7fd4979a7c4a5096d578e74474684d6dc746149f866

    • SHA512

      1479cd423adba702997f1898c956be4e3ca8adb241af3592641e31a13a481692edeffe6751561b2b55e1564ff1fe14b5d28b670414c8e2f2df2f59949e86f00a

    • SSDEEP

      12288:LdncajSmEs0N7eCiGJEZOhATkYwfIInbqKbfS6ntAIaC:5ca/EJiAdhbYwfIqbvbRtA5C

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; its samples are compiled from Visual Basic .NET or C#.

    • AgentTesla payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions (kept in the registry under HKCU\Software\Martin Prikryl\WinSCP 2\Sessions).

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla (for example sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla).

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
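The signature list above is, in effect, a list of credential stores the sample opens that no single legitimate program would open together. That is the host-side detection: map each store to the process expected to own it and flag anything else reading it, then count how many distinct stores one process touched. The following is an added example, not part of the sandbox report; it runs offline over constructed file/registry access records of the shape EDR telemetry or Windows object-access auditing (event 4663 with a SACL on the store) would provide. The owner allow-lists and the records are assumptions for the example; the store locations are the well-known ones.

```python
"""Host-side detection of the credential-store reads listed in the signatures.

Added example, not part of the sandbox report. Runs offline over constructed
access records; owner allow-lists are assumptions to tune per environment.
"""
import fnmatch

# (label, glob on the normalized path, processes expected to open it)
STORES = [
    ("WinSCP sessions",
     r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions*", {"winscp.exe"}),
    ("FileZilla site manager",
     r"*\AppData\Roaming\FileZilla\sitemanager.xml", {"filezilla.exe"}),
    ("FileZilla recent servers",
     r"*\AppData\Roaming\FileZilla\recentservers.xml", {"filezilla.exe"}),
    ("Chrome saved logins",
     r"*\AppData\Local\Google\Chrome\User Data\*\Login Data", {"chrome.exe"}),
    ("Firefox saved logins",
     r"*\AppData\Roaming\Mozilla\Firefox\Profiles\*\logins.json", {"firefox.exe"}),
    ("Outlook profiles",
     r"HKCU\Software\Microsoft\Office\*\Outlook\Profiles*", {"outlook.exe"}),
]

# Constructed access records: which image opened which file or registry path.
EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Local\Temp\J20012045.exe",
     "Target": r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions\prod-sftp\Password"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\J20012045.exe",
     "Target": r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"Image": r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
     "Target": r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\J20012045.exe",
     "Target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\J20012045.exe",
     "Target": r"C:\Users\alice\Documents\notes.txt"},
]


def match_store(target):
    """Return (label, owners) for a path that is a known credential store."""
    t = target.lower()
    for label, pattern, owners in STORES:
        if fnmatch.fnmatchcase(t, pattern.lower()):
            return label, owners
    return None


def suspicious_reads(events):
    """(image, store) for every access by a process that is not an expected owner."""
    findings = []
    for e in events:
        hit = match_store(e["Target"])
        if hit is None:
            continue
        label, owners = hit
        image = e["Image"].rsplit("\\", 1)[-1].lower()
        if image not in owners:
            findings.append((image, label))
    return findings


def infostealer_score(events):
    """Distinct stores read per non-owner process. One store may be a user
    running a backup tool; several different stores from one process is the
    pattern the sandbox signatures above describe."""
    by_proc = {}
    for image, label in suspicious_reads(events):
        by_proc.setdefault(image, set()).add(label)
    return {proc: len(stores) for proc, stores in by_proc.items()}


if __name__ == "__main__":
    for proc, n in infostealer_score(EVENTS).items():
        print(f"{proc}: read {n} distinct credential stores")
```

The last signature in the list, SetThreadContext, is the reason the owner allow-lists are only a first filter: that call is the usual way a hollowed process gets its entry point redirected, so the reads may show up under a legitimate .NET host image rather than the dropped file name. Scoring by distinct stores per process survives that, as long as the telemetry attributes the access to the right process.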

MITRE ATT&CK Enterprise v15

Tasks