General

  • Target

    e4c9b4087c5f5474c58de7848f352d11_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240916-pvd7asxhkm

  • MD5

    e4c9b4087c5f5474c58de7848f352d11

  • SHA1

    8056f81b2fabf3dc98202dbd194e73e6e9efc46f

  • SHA256

    8343e4d3a3599b845d0a466bf52f0e110100451bf773559a356fc4fc60eeaa54

  • SHA512

    7d4a6188768c9dbe5fad97551d3a42a7de09333820710e45ec5d3071871988d8f99546b131f7e993dcf8ce9e3cdca585b0d19740f2eb7f347c6340261e81ffeb

  • SSDEEP

    24576:sx6tux8GaXJRc56R83utBsS3/nxJX/4X/otEZ4UJKW1mzLFeCXDMDY4U7:HJuyBsMoRZ4UJKW1mzLFeCXDMDY4U

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks