Overview

overview

10

Static

static

3

JaffaCakes...f6.exe

windows7-x64

10

JaffaCakes...f6.exe

windows10-2004-x64

7

$PLUGINSDI...ji.dll

windows7-x64

10

$PLUGINSDI...ji.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_ba9d3f63058ea4041190e82e03ffd5f6

  • Size

    270KB

  • Sample

    250109-dmfvdavrhv

  • MD5

    ba9d3f63058ea4041190e82e03ffd5f6

  • SHA1

    2bd055abacc3b9ad6f7cb1fa8613c7c44fd21943

  • SHA256

    bfb35a39b72e24ce801468a629e64b1806ae5cf8339ade1ee7f145ec4497be93

  • SHA512

    7e2d37dd5921cda5ebff477308644b1a7f1b2586e6792f17d6f59b911dc04ed91db2569032dd9d5f3fa29e9caefb906153336052c256297354cfe73fc58b5462

  • SSDEEP

    6144:wBlL/c5bsFKd4xN3dRWrJYoozpSbRugzPsVKiyJ:Ce5AEa6VYhpSgePQd6

Score
10/10
agentteslacollectiondiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2046248941:AAG5Z0PyWwtApmPaysBm59voK10ec9Rgnaw/sendDocument

Targets

    • Target

      JaffaCakes118_ba9d3f63058ea4041190e82e03ffd5f6

    • Size

      270KB

    • MD5

      ba9d3f63058ea4041190e82e03ffd5f6

    • SHA1

      2bd055abacc3b9ad6f7cb1fa8613c7c44fd21943

    • SHA256

      bfb35a39b72e24ce801468a629e64b1806ae5cf8339ade1ee7f145ec4497be93

    • SHA512

      7e2d37dd5921cda5ebff477308644b1a7f1b2586e6792f17d6f59b911dc04ed91db2569032dd9d5f3fa29e9caefb906153336052c256297354cfe73fc58b5462

    • SSDEEP

      6144:wBlL/c5bsFKd4xN3dRWrJYoozpSbRugzPsVKiyJ:Ce5AEa6VYhpSgePQd6

    Score
    10/10
    agentteslacollectiondiscoverykeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • AgentTesla payload

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/aneyji.dll

    • Size

      19KB

    • MD5

      f7a30cb571aa862021ff786169f72a80

    • SHA1

      d002635afeacd67ad2e5764d4dd07e0ec5f49ae3

    • SHA256

      3c3b81e2f3de386bb78562b8005fcc582aa83d1bd5ac99aca14bd235f401c018

    • SHA512

      7fc63a94a72b93ff57645d3e8c92726b7f77976ed5801461bfdaf4638dd8376565dad5f6663d1e0bd064e7521230b2b9f7aae90a5733f387fa003b22b501c69e

    • SSDEEP

      384:mjrLtiTvRxxt1BoXiaQxmCc1abG8QMqjfB4z:krLYTvR7xJxmpKG8ay

    Score
    10/10
    agentteslacollectiondiscoverykeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • AgentTesla payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks