General
-
Target
d7f0514e9331f8ea57f6561b63dc163c_JaffaCakes118
-
Size
766KB
-
Sample
240910-kyvw1axcnf
-
MD5
d7f0514e9331f8ea57f6561b63dc163c
-
SHA1
bfc71a012120ddc4aa12833d9232519273301121
-
SHA256
fa094ea936fc71578f0d86b3a8b7cfb0f6f18dad451770757c2037f5d518b1b8
-
SHA512
ab88cf66bb6ba81273988d44b05e96359db487f86c229d1d90b84339e1b9dcff4241f0e85418978f878504d2327879d6f722503a1ef3b5c000cd8ec4ce3030d2
-
SSDEEP
12288:Z1eRRAfxCIUnyNOI/SN/HWQZUpgmGbX9E5OqxSyr:viRO8nyNOI0u7CgtxS+
Malware Config
Targets
-
-
Target
d7f0514e9331f8ea57f6561b63dc163c_JaffaCakes118
-
Size
766KB
-
MD5
d7f0514e9331f8ea57f6561b63dc163c
-
SHA1
bfc71a012120ddc4aa12833d9232519273301121
-
SHA256
fa094ea936fc71578f0d86b3a8b7cfb0f6f18dad451770757c2037f5d518b1b8
-
SHA512
ab88cf66bb6ba81273988d44b05e96359db487f86c229d1d90b84339e1b9dcff4241f0e85418978f878504d2327879d6f722503a1ef3b5c000cd8ec4ce3030d2
-
SSDEEP
12288:Z1eRRAfxCIUnyNOI/SN/HWQZUpgmGbX9E5OqxSyr:viRO8nyNOI0u7CgtxS+
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
5Credentials In Files
4Credentials in Registry
1