agenttesla | 3d533cd7d00545ceec9bea14004c3e15891a769143f19009631068cea3acf150 | Triage

Submit
Reports

Overview

overview

Static

static

Purchase O...TK.exe

windows7_x64

Purchase O...TK.exe

windows10_x64

Sharing

General

Target

3d533cd7d00545ceec9bea14004c3e15891a769143f19009631068cea3acf150
Size

90KB
Sample

220121-z75j5abbh2
MD5

6c24b895b5e54e8a7ef3d11f4f18c381
SHA1

a87f1fdb2a4aa25f5d6b211ff4a7b6646ffca03a
SHA256

3d533cd7d00545ceec9bea14004c3e15891a769143f19009631068cea3acf150
SHA512

13d616e061094aa4c903b0a4f8e3ce6f3eb2a71b5b01787f8be999995af7dd921580a0155d50d6ba8a1128ba4390dfe39ebb443ab06b8158a3e1d402524740a0

Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Order PO20211027STK.exe

Resource

win7-en-20211208

agenttesla guloader downloader keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Order PO20211027STK.exe

Resource

win10-en-20211208

agenttesla guloader downloader keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.construccionsjpallas.com
Port:
587
Username:
qualitat@construccionsjpallas.com
Password:
zXHR1YDJL5

Targets

- Target
  
  Purchase Order PO20211027STK.exe
- Size
  
  127KB
- MD5
  
  2f2102ec5776497950e89e419515efee
- SHA1
  
  1d3dd4ed88af22c3de29c918b37db6f0b73c94c4
- SHA256
  
  7768da29cc4ef93cb4790f664e139d1d8c2972e22fe8840b6b86c50e15dba347
- SHA512
  
  963b79cb63703ea6a6e8d70bbe76fadc660e10b801283a3812a76f773ee36210171437794dad0b4ee11e8a2f34645c88c7463526be03274ffdf48ec81823032a
Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- AgentTesla Payload
- Executes dropped EXE
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

behavioral2

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy