General
-
Target
e6abae726fe1c201ac4ff243ebba5e82_JaffaCakes118
-
Size
387KB
-
Sample
240917-m2s8payhmd
-
MD5
e6abae726fe1c201ac4ff243ebba5e82
-
SHA1
80f597cbabfc6c820c80547b949ac3d2cbc31c8b
-
SHA256
f3ea50efcd18af6f89a15f83213bd535965ab73d47806d3869a6a91d4ad2f4ae
-
SHA512
c8194b8bff9c0d4dc46eb925081313ac967e47bf5ecc645674b8e29b5bd72247163383a73b1e1c3353b106849fadbffcdc0f52a843f9118dc9908165b4934bec
-
SSDEEP
12288:vq6+SStkMHhMaayKyRcpxfUBnZzT8sG7wzmH:vquSt/BM7WcpxMd8T7wiH
Static task
static1
Behavioral task
behavioral1
Sample
sale order.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
sale order.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
sg2plcpnl0023.prod.sin2.secureserver.net - Port:
587 - Username:
[email protected] - Password:
User@40378
Targets
-
-
Target
sale order.exe
-
Size
607KB
-
MD5
21401a802f9f8e99809f43fc149ef5af
-
SHA1
0ec95019dd88f12ecb11d143cc34049b04e69b8d
-
SHA256
b0f1177e33f69f0f6027cea30afd8b094efe3fe6b26e2ea3d927d4447b11626e
-
SHA512
ed86c15efb4c39eb46d7b2246ee974664a041c35e4bda5237702a7ad316ebb3fbbb756b3fee7e726802aa5ea34316ed913503564cb1a56c1de8f99f97b89d4c2
-
SSDEEP
6144:7RtFgERQ+3HwOzyUHKSJxJwSPhvw1MFHSxcmmmaNLO0PXmY2jnOusTqGPnds43wi:72ESo2sJ95cMkmNBOSWVOjqSs43V
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops file in Drivers directory
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1