agenttesla

General

Target

cb7a462223f02ca4a41ce7f48a6bb8c7ee0d36798c12b1559bcdabe25d57141f
Size

2.7MB
Sample

220521-ckmz8shafm
MD5

a14cece52ea128b6275c15b17ee464e8
SHA1

05bd2984c8c87085a7373eaceeb2c3622305898e
SHA256

cb7a462223f02ca4a41ce7f48a6bb8c7ee0d36798c12b1559bcdabe25d57141f
SHA512

26f34c4fa34184af86a73000694d60844c25909c9cdbdc44526554198622620217ffcd1df364dba973479dce6339c8100f9e9e0e976891cc91910fb0243fe032

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\19E979543A\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.6.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States Windows OS: Microsoft Windows 10 Pro64bit Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 5:12:34 AM MassLogger Started: 5/21/2022 5:12:16 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\HOUSE_DO.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
cruizjamesvhjkl@

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
cruizjamesvhjkl@

Targets

- Target
  
  HOUSE_DO.EXE
- Size
  
  1.3MB
- MD5
  
  4dd93076bfc75f76a248882ac422a31a
- SHA1
  
  53d904be35b2e8c7de03c20f6e54067046b2ce57
- SHA256
  
  f66ba3c720e0df70977904953fb0f359eddcc621703aec51d1d3f16e099a2816
- SHA512
  
  11e9f6b84cfd5403424c7da60011581fc591dbbf8d5f8ad02f0d1b920edfc3ed06dec27ba254a57bab3b036e65ab9af5713b3764447ce89cdaca328bfc9024b3
Score

10^/10

masslogger collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  HOUSE_PI.EXE
- Size
  
  892KB
- MD5
  
  5bdf485867aa3d87b494be177e7c98da
- SHA1
  
  3201fd68704cfa89e9f32f807cb1cdf4bf39bc45
- SHA256
  
  ba99ebdbb38769a5fce130e0a16cd0c2aa0380cfc4ec5dd257dcadcdcea69ee4
- SHA512
  
  214e0b6a6d95243587e6df856095180d9d475536d2a01b52573f389a38d1659c94747a51cae51c7748e19d7455549efac0f3c4efcb82a51d09687b2273621f42
Score

10^/10

agenttesla keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4