General

  • Target

    f0cd6c6c9a2b0a10f046f758ce556733_JaffaCakes118

  • Size

    658KB

  • Sample

    240921-26zzcszbka

  • MD5

    f0cd6c6c9a2b0a10f046f758ce556733

  • SHA1

    cd86f791349612edf05567811371af7861d4d6a3

  • SHA256

    ee1c143dfd43e7f8bd7c3ef297c33627659b89399aee0c87be8d5f55100a80cb

  • SHA512

    b2dd00d48e5db398d519dbb2a78673d09505ac60fbb53e13f1f1cc3fe96329734b752eea5b5ab21bcb4ef9a96949a306b83146bbca6498c05c7534a60a35ab1d

  • SSDEEP

    12288:3I7VCfPCIgcKof9pgUVWBoUaCwXZV+bmmT2GHKSuZTTP7jbu0sGa/P8So0xMjvLe:3I7QygfPgUVWiUaCU0mo2khwvLe

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks