General

  • Target

    e06eabb5ec39afc9df92a36d9aff7347_JaffaCakes118

  • Size

    539KB

  • Sample

    240914-sd4meazhjh

  • MD5

    e06eabb5ec39afc9df92a36d9aff7347

  • SHA1

    bef2716ea80432f5c196f900d0cf0c06f2449e51

  • SHA256

    ddce93e04303bababc6a38bc0ee011ac8d55905f9f32d3d2f21fcb31de681dce

  • SHA512

    2ce3afd280c014952f1122a54c4b0c8d0045f57f78b3e8f62f4e1ccfd3b8102c893a0f1218b0a26b9365109dba01e88fc89b653b503175f93fc77e35d350123a

  • SSDEEP

    12288:egz6hG1y9YgggdiK29lBWd32WlqzSsT/HuiwZdJYzinq6/lT:vggFvBA2hWifqZMiq6/

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.seroval.com
  • Port:
    587
  • Username:
    kohl@seroval.com
  • Password:
    5dB83uEf@Ude

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
