General

  • Target

    4ae888539f1fbfc8f3d85a7cbddd400e_JaffaCakes118

  • Size

    710KB

  • Sample

    241016-cbg3maxane

  • MD5

    4ae888539f1fbfc8f3d85a7cbddd400e

  • SHA1

    87aaafdb3e7883809e61213da9dec927dd415ff3

  • SHA256

    153265c19c8e564e27b6895708a3a3e3fe7923ce8a6619e31b7bc59ac1ec9335

  • SHA512

    d92c19f5faeb4cb18fc2af1c51647ce7983ef3f9a8b3c328b48b66c1084846cfd41f4f495130761d00230c9dbd629720e2a8de7af7997cdeb791455fcfc3a8b0

  • SSDEEP

    12288:8Aw5R2iNeHK7znpGTcRidW7uBEjzEe+nEsJlxsHbJDv9ceDhPm:8Awz1bL/RPEEMeyEIMlv9O

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      4ae888539f1fbfc8f3d85a7cbddd400e_JaffaCakes118

    • Size

      710KB

    • MD5

      4ae888539f1fbfc8f3d85a7cbddd400e

    • SHA1

      87aaafdb3e7883809e61213da9dec927dd415ff3

    • SHA256

      153265c19c8e564e27b6895708a3a3e3fe7923ce8a6619e31b7bc59ac1ec9335

    • SHA512

      d92c19f5faeb4cb18fc2af1c51647ce7983ef3f9a8b3c328b48b66c1084846cfd41f4f495130761d00230c9dbd629720e2a8de7af7997cdeb791455fcfc3a8b0

    • SSDEEP

      12288:8Aw5R2iNeHK7znpGTcRidW7uBEjzEe+nEsJlxsHbJDv9ceDhPm:8Awz1bL/RPEEMeyEIMlv9O

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • AgentTesla payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks