agenttesla | 889647fa41dbe3f6f5ca5c356d021e2ca89516d7494c8c4c8cd909e65214794f | Triage

Sharing

General

Target

IoC.zip
Size

715KB
Sample

211018-yz99zaeeg9
MD5

db5f390d1104ae90448dec22b18c4b6a
SHA1

f8ca434c9f5753d39ce1543c416c29e19e67b9d1
SHA256

889647fa41dbe3f6f5ca5c356d021e2ca89516d7494c8c4c8cd909e65214794f
SHA512

edf55672fadbaf0e5cdec03b05c5c77053c07595293e1eb0b2092775ae3f80fb58d0644e3ed76c386d84a772021f532d2a053d7bc63cc02708982076eb4de429

Score

10^/10

agenttesla guloader collection downloader keylogger macro spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.rapidmail.ec
Port:
587
Username:
[email protected]
Password:
icui4cu2@@

Targets

- Target
  
  IoC/004144376948_4.xls
- Size
  
  58KB
- MD5
  
  f480fc1afe995ae4cafcb89b83295d88
- SHA1
  
  441f53d97186305891267b6b98382f2a0fa180b7
- SHA256
  
  d29f6c42fa70b462166272142d33012c41c471ea2c02943fae147fbccd5420aa
- SHA512
  
  b5ea9a01308a6b84d89ba573a0a1957c448ea9e126323e748dfdae1caafbeed67d88188e3256799c40b5c0665370ff65985a41c38a0cdd2ff6fc6d30000c85f5
Score

1^/10
behavioral1 behavioral2
- Target
  
  IoC/004146831131_4.xls
- Size
  
  58KB
- MD5
  
  f480fc1afe995ae4cafcb89b83295d88
- SHA1
  
  441f53d97186305891267b6b98382f2a0fa180b7
- SHA256
  
  d29f6c42fa70b462166272142d33012c41c471ea2c02943fae147fbccd5420aa
- SHA512
  
  b5ea9a01308a6b84d89ba573a0a1957c448ea9e126323e748dfdae1caafbeed67d88188e3256799c40b5c0665370ff65985a41c38a0cdd2ff6fc6d30000c85f5
Score

1^/10
behavioral3 behavioral4
- Target
  
  IoC/004149453535_4.xls
- Size
  
  60KB
- MD5
  
  f64066fff51a9027fdcc09cc945348f1
- SHA1
  
  09dfe19460e834da02a1907c22e467d187ba0db9
- SHA256
  
  f9d4af4f518410fbbff3f83d253dae9cfa1169995ac502ebc5d33752bd44132d
- SHA512
  
  15441d60dcbf65fdf17c0fe9414b0f5394c5a4105b9d5ef49c51ae3f234e52ad28a3af611e65436d00ecbde56fa5743f0b67473c818eb0d4427bb6a74c61475e
Score

1^/10
behavioral5 behavioral6
- Target
  
  IoC/004151080639_4.xls
- Size
  
  58KB
- MD5
  
  f480fc1afe995ae4cafcb89b83295d88
- SHA1
  
  441f53d97186305891267b6b98382f2a0fa180b7
- SHA256
  
  d29f6c42fa70b462166272142d33012c41c471ea2c02943fae147fbccd5420aa
- SHA512
  
  b5ea9a01308a6b84d89ba573a0a1957c448ea9e126323e748dfdae1caafbeed67d88188e3256799c40b5c0665370ff65985a41c38a0cdd2ff6fc6d30000c85f5
Score

1^/10
behavioral7 behavioral8
- Target
  
  IoC/004172770391_4.xls
- Size
  
  58KB
- MD5
  
  f480fc1afe995ae4cafcb89b83295d88
- SHA1
  
  441f53d97186305891267b6b98382f2a0fa180b7
- SHA256
  
  d29f6c42fa70b462166272142d33012c41c471ea2c02943fae147fbccd5420aa
- SHA512
  
  b5ea9a01308a6b84d89ba573a0a1957c448ea9e126323e748dfdae1caafbeed67d88188e3256799c40b5c0665370ff65985a41c38a0cdd2ff6fc6d30000c85f5
Score

1^/10
behavioral9 behavioral10
- Target
  
  Scan0035.exe
- Size
  
  378KB
- MD5
  
  4a5b5548aaac6cd43db49ddb7ea3366a
- SHA1
  
  66ed951f8f61eac27e44d2df5f620c165c3bc5c6
- SHA256
  
  f05fb8e19bb59ac7d58eee5d0461c9e446b0d9f07c824ebac75c3758752918db
- SHA512
  
  50ea6daa44858c683884f1f5cfd5d849905fa6a1ffbf2c255c701e2820daafbbaba5888c2464dd26ce0eff063603320f1a8d522d014b260d4e9f799a8a506160
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral11 behavioral12
- Target
  
  Schenker Italiana S.p.A. CW305.exe
- Size
  
  136KB
- MD5
  
  f9387f159f97d49649d1e6b34802dd3f
- SHA1
  
  b0f8090cb04a59d08e355553162a7fad645a3a4e
- SHA256
  
  0af20465dac642791831be79702b7c4cbf204f170b8441ab001a7519eb6dc45c
- SHA512
  
  e6a507398a4ed6279212c670ede75c25f47e82a04ef86f9f2ce7fb9fd64879a1c9bac17eaa2a0fe04bd5778d6da1167458f6716a984273820111daa70589f92c
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
behavioral13 behavioral14

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

agentteslacollectionkeyloggerspywarestealertrojan

behavioral12

agentteslacollectionkeyloggerspywarestealertrojan

behavioral13

guloaderdownloader

behavioral14

guloaderdownloader