General

  • Target: f02bd49ed33a2243d71bb1bbe592f39b_JaffaCakes118
  • Size: 1.0MB
  • Sample: 240921-trt6ka1hqq
  • MD5: f02bd49ed33a2243d71bb1bbe592f39b
  • SHA1: bb186421c86cf6d10460fceb687be810f8e30e14
  • SHA256: c679ad5f23eff3fe9fbe5e40b07df9b8ecd4804b5f4330c34a4d25d457e3dffa
  • SHA512: 5c43d4c0c8edd8ee9761a5f13eb50c729c5603a61d0dc741d9ba51d94965711687ee3b77f656998f93105885f53b747670ea2e7402367e73037277bb2a55ae65
  • SSDEEP: 12288:tomgp5yj6jRPLjRPqjBjjyjBjBjBjBjLjcDnrfQPOULRVKKsi/3fXNVSAFH2W/IF:9Lro2M8PK3f9VXlR/I9hsC5

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: mail.privateemail.com
  • Port: 587
  • Username: [email protected]
  • Password: Blessings@12345

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks