agenttesla | 3f052dcdd51d6e08fd7cc2bf9e60516120f66b241d6deb5f91c1669f554bbb26 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

3f052dcdd51d6e08fd7cc2bf9e60516120f66b241d6deb5f91c1669f554bbb26
Size

279KB
Sample

220308-lmtegafhfk
MD5

385a9512ddecd69116dfa97bf7e6be06
SHA1

f7ec0e9b790b42c5a1b094460879674af1c65806
SHA256

3f052dcdd51d6e08fd7cc2bf9e60516120f66b241d6deb5f91c1669f554bbb26
SHA512

8490ebdf4466b98f189ef4a2092ec68534013dea1fa71f34577d0d93c5f9e5d317b6eec4f9de6de4f68a8af98b45e72f007646dc64417f7c6b7ab77f69af4ac6

Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

3f052dcdd51d6e08fd7cc2bf9e60516120f66b241d6deb5f91c1669f554bbb26.exe

Resource

win10-20220223-en

agenttesla guloader downloader keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5013020608:AAFu_btAZRcQ9V-SvEIxL9rCbb_x1A-9IJo/sendDocument

Targets

- Target
  
  3f052dcdd51d6e08fd7cc2bf9e60516120f66b241d6deb5f91c1669f554bbb26
- Size
  
  279KB
- MD5
  
  385a9512ddecd69116dfa97bf7e6be06
- SHA1
  
  f7ec0e9b790b42c5a1b094460879674af1c65806
- SHA256
  
  3f052dcdd51d6e08fd7cc2bf9e60516120f66b241d6deb5f91c1669f554bbb26
- SHA512
  
  8490ebdf4466b98f189ef4a2092ec68534013dea1fa71f34577d0d93c5f9e5d317b6eec4f9de6de4f68a8af98b45e72f007646dc64417f7c6b7ab77f69af4ac6
Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- AgentTesla Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy