agenttesla | 4773c7c5c52d0163bfa32cb271399692831e00ff7e6877f0877091e111c9f063 | Triage

Submit
Reports

Overview

overview

Static

static

HSBC Custo...on.exe

windows7_x64

HSBC Custo...on.exe

windows10_x64

Resubmissions

15-09-2021 07:38

210915-jgwarsdbgq 10

15-09-2021 05:10

210915-ftpf7sbhar 10

Sharing

General

Target

HSBC Customer Information.exe
Size

120KB
Sample

210915-jgwarsdbgq
MD5

448f83467c61e465162daf7cf8d9e88f
SHA1

c627061336905606c2c26b2b460ac4246fd54ca5
SHA256

4773c7c5c52d0163bfa32cb271399692831e00ff7e6877f0877091e111c9f063
SHA512

1f72e8cc6ec0c5d8f82a47ccd0e8dfa91bb9e7e90a00b34a6a466c8823579e58330f4c709ecb6c580814c3875bf618c1cbb7a5c83f70e8be08dbe46ca1a41fe3

Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

HSBC Customer Information.exe

Resource

win7-en

guloader downloader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

HSBC Customer Information.exe

Resource

win10-en

agenttesla guloader downloader keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.qrextechnologies.com
Port:
587
Username:
gmx@qrextechnologies.com
Password:
2)4#8tVp2d%q

Targets

- Target
  
  HSBC Customer Information.exe
- Size
  
  120KB
- MD5
  
  448f83467c61e465162daf7cf8d9e88f
- SHA1
  
  c627061336905606c2c26b2b460ac4246fd54ca5
- SHA256
  
  4773c7c5c52d0163bfa32cb271399692831e00ff7e6877f0877091e111c9f063
- SHA512
  
  1f72e8cc6ec0c5d8f82a47ccd0e8dfa91bb9e7e90a00b34a6a466c8823579e58330f4c709ecb6c580814c3875bf618c1cbb7a5c83f70e8be08dbe46ca1a41fe3
Score

10^/10

guloader downloader agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- AgentTesla Payload
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy