General

  • Target

    fca681ab84b7944e25aae8eed810be6a_JaffaCakes118

  • Size

    541KB

  • Sample

    240928-tge9natgpm

  • MD5

    fca681ab84b7944e25aae8eed810be6a

  • SHA1

    86a8575356c6fea3a7cd97cb39ceaf9e00208bbb

  • SHA256

    5be9a53986e565d11dc80aabb0f4d08eecc2c27a7f7c000710be48017f273032

  • SHA512

    4c1727760e9586ee72fa757c341efe6e79a584662d2a6e13d31bb97400f33eaaad0113d6517414e9bb78823bc541077ef5e7cde2ed562ca56777983d7594ee35

  • SSDEEP

    12288:nGFJqrEG3BrBW41718C3py/YrVIrg/JRzEQwb:SqQiDW4F1X3pk0Vig/3AQK

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

    • Protocol:
      smtp
    • Host:
      mail.signtradeonline.com
    • Port:
      587
    • Username:
      [email protected]
    • Password:
      34DOIoQd7HYy

Targets

    • Target

      fca681ab84b7944e25aae8eed810be6a_JaffaCakes118

    • Size

      541KB

    • MD5

      fca681ab84b7944e25aae8eed810be6a

    • SHA1

      86a8575356c6fea3a7cd97cb39ceaf9e00208bbb

    • SHA256

      5be9a53986e565d11dc80aabb0f4d08eecc2c27a7f7c000710be48017f273032

    • SHA512

      4c1727760e9586ee72fa757c341efe6e79a584662d2a6e13d31bb97400f33eaaad0113d6517414e9bb78823bc541077ef5e7cde2ed562ca56777983d7594ee35

    • SSDEEP

      12288:nGFJqrEG3BrBW41718C3py/YrVIrg/JRzEQwb:SqQiDW4F1X3pk0Vig/3AQK

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
