agenttesla | 71c9ed2c4eed613b53dc4324dd037ef1356aa990ba3de509d46a3144c847545d | Triage

Submit
Reports

Overview

overview

Static

static

1

PujH3zZZ8CZ2PQh.exe

windows7-x64

PujH3zZZ8CZ2PQh.exe

windows10-2004-x64

Sharing

General

Target

PujH3zZZ8CZ2PQh.iso.rar
Size

621KB
Sample

230216-s25jlsac87
MD5

d25f7e4b84fdf47d6d84304aeb807c91
SHA1

3584963b348953b4aa0ac281129749074cdf0668
SHA256

71c9ed2c4eed613b53dc4324dd037ef1356aa990ba3de509d46a3144c847545d
SHA512

468beed29635a291890524d646613fce1ae144edc0b19a053cd78cfbd60c1f682fb10d283260909b644b0167173682c70cd36cdffc91483fdf35beffdacffa4b
SSDEEP

12288:NIjxSYcsFUGpJcIdMSSRMA1xSAykfcQmRsYKpg2oB1b:Sjx/bcmMS8MA1xcRQmsZpU

Score

10^/10

agenttesla asyncrat neshta default keylogger persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PujH3zZZ8CZ2PQh.exe

Resource

win7-20220901-en

asyncrat default rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

PujH3zZZ8CZ2PQh.exe

Resource

win10v2004-20220812-en

agenttesla asyncrat neshta default keylogger persistence rat spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

192.3.193.136:2023

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5171883538:AAEyFWuNh68SJNNpkDCQbviRgrklZA3K4Qs/

Targets

- Target
  
  PujH3zZZ8CZ2PQh.exe
- Size
  
  690KB
- MD5
  
  ff03d21030f0ceec34b64a1354e12eca
- SHA1
  
  d4fd57bf4a367e0c3c7c12d1bf5d2fa24cfb4050
- SHA256
  
  f77b10f6ec51ae7c41bbf862324e2ec41527f2ddda49b85765ea45919480832e
- SHA512
  
  0c2a0c81aee2277a56d161c970d51e21bdf507bebbe6f85ffaaacc456765dba6c31a328bb014f3493d569c4e62f38ffa01972b5d88ffddf4b3e8b26bab61df2f
- SSDEEP
  
  12288:Gh6q6EM7YC0ND571Vd8Sd9GNx1l3V8HzLUExWB:GYXpQ57jfaxPleoB
Score

10^/10

asyncrat default rat agenttesla neshta keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Detect Neshta payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Change Default File Association

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

agentteslaasyncratneshtadefaultkeyloggerpersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy