General
-
Target
e892599071e87878b8c8797d85cfd5fb_JaffaCakes118
-
Size
663KB
-
Sample
240918-hwtj2sybjf
-
MD5
e892599071e87878b8c8797d85cfd5fb
-
SHA1
611989a289c2922d8f7358f1e4c8aa8dac3efe38
-
SHA256
32c3be6346c7fd081d366de6f2a3f90c60546751b6494fb20e80ea1ec022f0d2
-
SHA512
366477757c42839668e3681ca36437120eb529c6decb5f3a30d1b63775d3e04bc7df1e73a32781d7b10d694921d19dea498d1a6258ccf93e73d37161873ae3e5
-
SSDEEP
12288:4xz/boseRjS7l8O4FWTKWfODi6pZCvdkCCS82hcEYba3XS9:ckxR+H4AhfGzVShSVbqU
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.moorefundz.com - Port:
587 - Username:
[email protected] - Password:
g7g2Ig?Aeh_+
Targets
-
-
Target
164857564838946353573_doc.exe
-
Size
821KB
-
MD5
896224a295f55d316d704f7b0f6bf2a1
-
SHA1
2d566bc2e74ddb55d867482b46e38c7571c967d7
-
SHA256
6e2a513005e165c08ee032cbc0d739a60880fd47ea22e5cdece091d456b09706
-
SHA512
3c59530fadc3625c59f63da56d2660874a6d691d6c7a110b3b8f4fec351937c9c83eec6c40443c0387e4ea8f10512a3b92650f2344e55e7987ff092454e1cb74
-
SSDEEP
12288:VO+We1q9I6/kVdSC0Dycod+ik4g8ylSoDTG+yuKqhQ0ZfH87LR2:VO7eudWYrE3oDC+/KqhQ01HCl
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-