General

  • Target

    c93354839421ac1e3cdb47ea45236274_JaffaCakes118

  • Size

    697KB

  • Sample

    240829-t3tn6sshrm

  • MD5

    c93354839421ac1e3cdb47ea45236274

  • SHA1

    423b585b453d7c3efe0eb769c4d37c0127c7ae8e

  • SHA256

    70006763ec3163b32c42b33f231f4f0a79eaa621fafc105f938c05fc8c823708

  • SHA512

    5364ba8da4c2e4be222f39669a1b266b5a7212c55ec1cec107eebc298a10eac896aa61c014399165dc7655c4c8871a12bb01673fb5389675ef5ee01b7a7ba2e4

  • SSDEEP

    12288:UCDqFHXLbK3B/GhIuLxyNnB/qF45Ni4Jsv8GC2Tj9Q0nelEyG8Gvx496B:UC/GBxyNZqwDDGtGlEyG8Cx

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: mail.nordpharm.ro
  • Port: 587
  • Username: [email protected]
  • Password: Farmacie1

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
