General

Target: d4452602fd93702789a7635c41c578de_JaffaCakes118
Size: 700KB
Sample: 240908-nrtxxateqq
MD5: d4452602fd93702789a7635c41c578de
SHA1: bde55d455ed1c018f0107f7b91d4c5d1ff0499b7
SHA256: 221fc16f9fdd9252887317c680d227abd7ae6bf3e067e16daccdb91c691ff7dc
SHA512: a18ee2947b2ec94d0f76ad879ed7797fcd46b91d7c894440a2463e05c0bb6179e77853340f180f8dbf9736cb6bd4d5cf2f03afbbf5b8f8385b2937d0e14fbb6e
SSDEEP: 12288:BG8aH69QqUf8N6YkihMLwiCkSD4kltX6rPlQPJripzascV40qNkCmmAA3A0MU0/5:g8rQqUf87uSkSDlltPRripzascV40qNQ

Static task: static1

Behavioral task: behavioral1
Sample: d4452602fd93702789a7635c41c578de_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: d4452602fd93702789a7635c41c578de_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config

Targets

Target: d4452602fd93702789a7635c41c578de_JaffaCakes118
Size: 700KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla payload

Credentials from Password Stores: Credentials from Web Browsers
Malicious access or copy of web browser credential store.

Drops startup file

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control-flow obfuscation.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext