General

  • Target

    ddcf53eb6f0b102e0836f80ff016b5da_JaffaCakes118

  • Size

    711KB

  • Sample

    240913-gn6c7syanf

  • MD5

    ddcf53eb6f0b102e0836f80ff016b5da

  • SHA1

    7043675e3304d7a52b56378c05c058093283864d

  • SHA256

    f575b00c8617ae312ee2e6bb708a588c2e3ebf893ce9f46cb880efbef8679e07

  • SHA512

    25f4807cda37c5baf284f5654c5bd9af3b2b6317b7bc23cf8112e7a018b1f51237fbd6290584087d59c6676672f3882dc4886f58c71a4ed97b02dfd131d19d2b

  • SSDEEP

    12288:XKDolutzs7JQ31F/weUwDTekIrdlo1jUt1/A06xFtXnwcOD+VecpGIa0yVXNK2Og:XWeuvXorzkOfsIYzt3P155ypN1Og

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    mmm777

Targets

    • Target

      NEW_ORDER_ENQUIRY.PDF.exe

    • Size

      843KB

    • MD5

      3636163fee6bfb2fd4a3a1f68a1e1bde

    • SHA1

      9959c3c8385f15c60a60020adbab4825d7ed4bbb

    • SHA256

      913bdba98e1faeffc0e7d2bcaaa4a4d9c7fa954747b2c53f4301670cd32645b5

    • SHA512

      bef6480888dc57b9cc65755297b6d7dedbbf2935ab32289a1b3eadf7d2789f618a497abeccb3e3a2b25637d041eb8adc1cb00fba5b91edc93088b1d2edecaaed

    • SSDEEP

      12288:YNtQ1L2cZPvq1igKj7QAdUJ60ixdtln2Sm7IVeCpG8+0eNHNw6K:l1fPuOQAYu/tNzlrtehN2

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks