General

  • Target

    e1825199b05949054ee72d31415a8a63_JaffaCakes118

  • Size

    820KB

  • Sample

    240915-cp52ls1apf

  • MD5

    e1825199b05949054ee72d31415a8a63

  • SHA1

    2d6eba1bdec462e828b56ba947aab3863d525449

  • SHA256

    76fbcd12b4067240949298ef0a8a970788e15808985d7f8ac37660816558db49

  • SHA512

    65b627633dbe21379bcb3dc326b38e6939c8a2d9595729b15951dbabddb57b4f3cb975c65ce7a3fc1f9a07a7a13cf762334263eb8eb4f8eff4f83330d103c77e

  • SSDEEP

    12288:MZdvG9gsBqk1k4z2p6CNndyXVfdyZbWeHkxQUaUSJ8PA1um2Tetqx:cG9gsBKG2cCXQfdyFWQSOJoAZ2iA

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.hermanusbearings.co.za
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    $Victory2019$

Targets

    • Target

      BL draft pdf.exe

    • Size

      758KB

    • MD5

      7e7f55f473bc65b1ec8faa71fcb79092

    • SHA1

      5875cdb728cb9523060b9c96265c55427381ad31

    • SHA256

      7d51edd0feeee939f61acbc7ba9271fc6d034095076929d866dc6285c44dd02b

    • SHA512

      480b21afa715943de6d9193783d91d0b34c0980b4f40988b3f79add526b70142fe5f3a462544ce0aab1cb1f232c9c1304e46a69737fb1625ac7111138710a664

    • SSDEEP

      12288:mZdvG9gsBqk1k4z2p6CNndyXVfdyZbWeHkxQUaUSJ8PA1um2Tetqx:2G9gsBKG2cCXQfdyFWQSOJoAZ2iA

    • AgentTesla

      Agent Tesla is a .NET (VB.NET) remote access tool (RAT) and information stealer; this sample is configured to exfiltrate over SMTP using the credentials listed under Malware Config above.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that decides whether to run based on the victim's locale.

    • Suspicious use of SetThreadContext

      SetThreadContext on a suspended child process is the usual way to redirect execution into an injected image (process hollowing / RunPE), a common way for a loader to unpack its payload in memory.
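
Added triage example (not part of the sandbox report): it turns the extracted SMTP exfiltration config into network IOCs and runs them over constructed key=value firewall log lines, recovers the username an SMTP client presented in an AUTH PLAIN or AUTH LOGIN exchange (so it can be compared with the extracted one, which is redacted on this page), and tells the two listed records apart by SHA256. The log format, the `user@example.com` placeholder account and the transcripts are assumptions constructed for the example.

```python
"""Triage helpers for the AgentTesla report above. Added example; the log
lines and SMTP transcripts below are constructed, not taken from the report."""
import base64
import hashlib
import re

# Extracted config as listed in the report. The username is redacted on the
# page, so only host and port are used as network IOCs here.
EXFIL_HOST = "mail.hermanusbearings.co.za"
EXFIL_PORT = 587

# SHA256 values of the two records listed in the report.
KNOWN_SHA256 = {
    "76fbcd12b4067240949298ef0a8a970788e15808985d7f8ac37660816558db49":
        "e1825199b05949054ee72d31415a8a63_JaffaCakes118 (820KB submitted file)",
    "7d51edd0feeee939f61acbc7ba9271fc6d034095076929d866dc6285c44dd02b":
        "BL draft pdf.exe (758KB AgentTesla target)",
}

# Constructed firewall/proxy log lines in a generic key=value format (assumed).
SAMPLE_LOGS = [
    "2024-09-15T02:17:40Z src=10.0.0.12 dst=mail.hermanusbearings.co.za dport=587 proto=tcp",
    "2024-09-15T02:17:41Z src=10.0.0.12 dst=mail.example.com dport=587 proto=tcp",
    "2024-09-15T02:17:42Z src=10.0.0.12 dst=mail.hermanusbearings.co.za dport=443 proto=tcp",
]

# Constructed SMTP client transcripts (one client line per entry) for a
# placeholder account, not the account from the report.
_USER, _PASS = "user@example.com", "password"
SAMPLE_AUTH_LOGIN = [
    "EHLO WIN-PC",
    "AUTH LOGIN",
    base64.b64encode(_USER.encode()).decode(),   # client sends base64(user)
    base64.b64encode(_PASS.encode()).decode(),   # then base64(pass)
]
SAMPLE_AUTH_PLAIN = [
    "EHLO WIN-PC",
    # AUTH PLAIN carries base64("\0user\0pass") inline with the command
    "AUTH PLAIN " + base64.b64encode(b"\0" + _USER.encode() + b"\0" + _PASS.encode()).decode(),
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def scan_logs(lines):
    """Return (severity, line) for lines whose destination is the extracted
    SMTP host. Host plus port 587 is the exact exfil channel ("high"); the
    host on any other port is still worth a look ("medium")."""
    hits = []
    for line in lines:
        kv = dict(KV_RE.findall(line))
        if kv.get("dst") == EXFIL_HOST:
            sev = "high" if kv.get("dport") == str(EXFIL_PORT) else "medium"
            hits.append((sev, line))
    return hits


def extract_smtp_username(transcript):
    """Recover the username from an SMTP AUTH exchange. AUTH PLAIN encodes
    authzid\\0authcid\\0password in one base64 token; AUTH LOGIN sends
    base64(username) on the following client line. Returns None when no
    credential is present or the token is not valid base64/UTF-8."""
    for i, raw in enumerate(transcript):
        parts = raw.strip().split()
        if len(parts) < 2 or parts[0].upper() != "AUTH":
            continue
        mech = parts[1].upper()
        try:
            if mech == "PLAIN" and len(parts) >= 3:
                fields = base64.b64decode(parts[2], validate=True).split(b"\0")
                if len(fields) == 3:
                    return fields[1].decode("utf-8")
            elif mech == "LOGIN" and i + 1 < len(transcript):
                return base64.b64decode(transcript[i + 1].strip(), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None
    return None


def identify_sample(data):
    """Match file bytes against the two SHA256 values listed in the report;
    returns the record label or None."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    for sev, line in scan_logs(SAMPLE_LOGS):
        print(sev, line)
    print(extract_smtp_username(SAMPLE_AUTH_LOGIN))
    print(extract_smtp_username(SAMPLE_AUTH_PLAIN))
    print(identify_sample(b"not one of the listed samples"))
```

Port 587 is ordinary submission traffic, so the host, not the port, is the discriminating IOC; on a real mail gateway compare the recovered username with the one in the extracted config (redacted on this page) rather than the placeholder used here.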

MITRE ATT&CK Enterprise v15

Tasks