General

  • Target

    f22912cbc0d7b2505bae8bf268cc2e66_JaffaCakes118

  • Size

    785KB

  • Sample

    240922-rd4fzatapk

  • MD5

    f22912cbc0d7b2505bae8bf268cc2e66

  • SHA1

    16cec5347a8753d861681f300355668b5115db41

  • SHA256

    f7c5429a185569e355d9ee8597eac5d75e6079fd91713e77ec2af675fe9b7f1f

  • SHA512

    f8000bca1d470d68ba4d31ae61c80e6e50a8ec897156be82f4bcf024425235dd2a2f4427d4df52b1c24b669994d60e81ad331b73ad7f000d26e02cf0d620960c

  • SSDEEP

    12288:tYV6MorX7qzuC3QHO9FQVHPF51jgcTy6SikT5KzoSsD2mSfYwI/RtNdMKrDi6:CBXu9HGaVHW6drzzu/p/RtNdXF

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Drops startup file

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks