agenttesla | 035f44cce07f951f0c65f1431efbdb466cde75e78335fdb9914c78a9343875c2 | Triage

Sharing

General

Target

Phoenix.zip
Size

4.8MB
Sample

240428-pacgzaff7t
MD5

e02610619e7d819e78f43ede2d4bc840
SHA1

fcb2ad77cfe155398d7621487eee239bd63972ad
SHA256

035f44cce07f951f0c65f1431efbdb466cde75e78335fdb9914c78a9343875c2
SHA512

3f0bf6b8250f5d5646decfaccfe9cca0d05778e676e67e296d74e134e0a9825315ac7013aa9016d00b98e38e576ae43ef7bc677f05814db0f3a978bfd67b63ff
SSDEEP

98304:w+603o3yDCJNw/sJm9VtyKkOniMLAKh8tXSYfdSKIxvOUS:w+6F7w8K3iM0Kh8tXSuA/mz

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  Phoenix/Anarchy.dll
- Size
  
  671KB
- MD5
  
  114c7b25a6b653bfacaefff922f20877
- SHA1
  
  912347b80dc6f228434d96cb31af234a63d3c39d
- SHA256
  
  472f815713c9e5d448a4cfeaa409049bfefdca4287d4ab62b376a2e9b803503d
- SHA512
  
  c9b02f819a1fa443aedba10804c16b57197f5c5c499bc5464e8d6a1cafafd7196da297c3292c4e9325617bdab565c208ce9f09edf07478360bc17b322668005f
- SSDEEP
  
  6144:KEghTjvgUiFRElvVW+Gc21kxWoxn/CSUlcwGHF9Ls1TZqT2QwI7l1NkRD7W1jSyz:ChoUK7ogbTZ+BcQGSy0
Score

1^/10
behavioral1 behavioral2
- Target
  
  Phoenix/DiscordRPC.dll
- Size
  
  82KB
- MD5
  
  3956130e36754f184a0443c850f708f8
- SHA1
  
  4874cd51b0fa5652ed84e3b0c123bee05dcdffc8
- SHA256
  
  25c39f91f737d80040c72c9e3f95db0fece1c9653f501828adc16cfb1ec59d26
- SHA512
  
  157143dd69378e9914ddbb934229cfbc99ae7d80f4f787b7799fc254054d2c7b1e6f4551cddea30470e28b61309f858fcdb2d009b1c32953dfe5ea7fe78e9e48
- SSDEEP
  
  1536:RICqBkny2//yF9999999999dGxde6HYPM4Q+mRxpSNh:RNy2//yF9999999999dn6b4Q+mWh
Score

1^/10
behavioral3 behavioral4
- Target
  
  Phoenix/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c97f23b52087cfa97985f784ea83498f
- SHA1
  
  d364618bec9cd6f8f5d4c24d3cc0f4c1a8e06b89
- SHA256
  
  e658e8a5616245dbe655e194b59f1bb704aaeafbd0925d6eebbe70555a638cdd
- SHA512
  
  ecfa83596f99afde9758d1142ff8b510a090cba6f42ba6fda8ca5e0520b658943ad85829a07bf17411e26e58432b74f05356f7eaeb3949a8834faa5de1a4f512
- SSDEEP
  
  49152:cvrqKk8q2gqi2OXCt6kuSw9g8PTNTN/23uxjPHEiCAjFcm:cvrqZr
Score

1^/10
behavioral5 behavioral6
- Target
  
  Phoenix/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  195ffb7167db3219b217c4fd439eedd6
- SHA1
  
  1e76e6099570ede620b76ed47cf8d03a936d49f8
- SHA256
  
  e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
- SHA512
  
  56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
- SSDEEP
  
  12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score

1^/10
behavioral7 behavioral8
- Target
  
  Phoenix/Phoenix.exe
- Size
  
  5.6MB
- MD5
  
  1e09922d9ebca4374a64998bc0949bde
- SHA1
  
  474e620e852339cf01c44721d6f8663144d4ebd1
- SHA256
  
  539635d689f2d880bf0e29b6fbc95fa7df68d7d818e0096fba7a8700846a4dc3
- SHA512
  
  07f63b8bf6e2b4781d859e7a3dc6d85209709ad32c74d68789a435972200c78404d5fdfbc23cd4cb9783d2bacb707b88ef88aed38f0a7a9faf56b2b3ccd6b748
- SSDEEP
  
  98304:iDVt2sjC7YM1eqh85elVOlVdsOdlVdsO3BbBWIgWljGxRB/LL8pVds+:7siYM0qh85eli4xRBj
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral10 behavioral9

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

agentteslakeyloggerspywarestealertrojan

behavioral10

agentteslakeyloggerspywarestealertrojan