General
-
Target
ca061301b457dd38398234c19bdc436d_JaffaCakes118
-
Size
1.4MB
-
Sample
240830-ccezna1gpf
-
MD5
ca061301b457dd38398234c19bdc436d
-
SHA1
2b6e0edc6a572c579d517e3f8b7058ec842a23ed
-
SHA256
670a00c65eb6f7c48c1e961068a1cb7fd3653bd29377161cd04bf15c9d010da2
-
SHA512
dc70feb9f2830775efd345f416a992209ecb1f7edb7e36a267de31f4d6a98135d0728ce98ef1ecb8520e7e2cc68ea63d447baf5d7aed49acda2d7033b92ac893
-
SSDEEP
24576:vu6Jx3O0c+JY5UZ+XC0kGso/WaOxd08AUSltkrF0TydEFiM1aawzAWY:ZI0c++OCvkGsUWaO3tFzG+gy5XY
Malware Config
Targets
-
-
Target
ca061301b457dd38398234c19bdc436d_JaffaCakes118
-
Size
1.4MB
-
MD5
ca061301b457dd38398234c19bdc436d
-
SHA1
2b6e0edc6a572c579d517e3f8b7058ec842a23ed
-
SHA256
670a00c65eb6f7c48c1e961068a1cb7fd3653bd29377161cd04bf15c9d010da2
-
SHA512
dc70feb9f2830775efd345f416a992209ecb1f7edb7e36a267de31f4d6a98135d0728ce98ef1ecb8520e7e2cc68ea63d447baf5d7aed49acda2d7033b92ac893
-
SSDEEP
24576:vu6Jx3O0c+JY5UZ+XC0kGso/WaOxd08AUSltkrF0TydEFiM1aawzAWY:ZI0c++OCvkGsUWaO3tFzG+gy5XY
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-