General

  • Target

    d2218e8a847345f48ce6595ba1055e29_JaffaCakes118

  • Size

    996KB

  • Sample

    240907-rl82esxhql

  • MD5

    d2218e8a847345f48ce6595ba1055e29

  • SHA1

    468a985b52d39707425162e2c0a2a854c6e37d04

  • SHA256

    48120198618df212b02b4e08c9c7a90aea6b61b831faf373733f47f09c0046f3

  • SHA512

    c9d3110b77a56af7b3de8cf4152373f023e0ed86afe5008e6e71205ba84d0cd12bf5b4e3cf4c460276c154f633df271769b9e004ab112286538a00ea5170d884

  • SSDEEP

    12288:Ta1SY/r3ESmI+Kd0s1Ke9p69PEAWRrEru722H+VEiaDk3DKsbHP:G13D3ESt+KysksphjK5f

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.fanosethiopiatours.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    OPtamiue007

Targets

    • Target

      d2218e8a847345f48ce6595ba1055e29_JaffaCakes118

    • Size

      996KB

    • MD5

      d2218e8a847345f48ce6595ba1055e29

    • SHA1

      468a985b52d39707425162e2c0a2a854c6e37d04

    • SHA256

      48120198618df212b02b4e08c9c7a90aea6b61b831faf373733f47f09c0046f3

    • SHA512

      c9d3110b77a56af7b3de8cf4152373f023e0ed86afe5008e6e71205ba84d0cd12bf5b4e3cf4c460276c154f633df271769b9e004ab112286538a00ea5170d884

    • SSDEEP

      12288:Ta1SY/r3ESmI+Kd0s1Ke9p69PEAWRrEru722H+VEiaDk3DKsbHP:G13D3ESt+KysksphjK5f

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks