agenttesla | 8e82fb037b606bf25cf55bd40d74105ad0e38d7b3cfa85c6de48babb3dde7bfe | Triage

Sharing

General

Target

三月命令 #4749HD-3DH2D-AN1A3-ZNTL3-CBU49-1ZMT40-24HAN-4910CK-3801Y-RA271.exe
Size

11KB
Sample

230302-qhsplacf8x
MD5

f9bad6152f4986cb01d7701bfc99f7c8
SHA1

10543402cde89a96ad400bc1fe048dd7a854ec99
SHA256

8e82fb037b606bf25cf55bd40d74105ad0e38d7b3cfa85c6de48babb3dde7bfe
SHA512

8a136790d114acb1506d626e9e84dc721ff50ffa7c333d1bf3ab0de92196036679b0c177252b615ad204e3d5756ad17c71bb82a31363c0f5926fe765f463023a
SSDEEP

96:ZBtYEMHtebFX9q8nLkobKtRZYsYE7KkztSlAtUqUriBha3dWraqUQUCnhQDOzNt:ZVpX9qoL/bYTYfwzHtR8iBLXBnhQDI

Score

10^/10

agenttesla purecrypter collection downloader keylogger loader persistence spyware stealer trojan

Malware Config

Extracted

Family

purecrypter

C2

http://vinosbiodinamicos.com/Mugkiaa.dat

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
Jk$yZlcm39_3Sh*
Email To:
[email protected]

Targets

- Target
  
  三月命令 #4749HD-3DH2D-AN1A3-ZNTL3-CBU49-1ZMT40-24HAN-4910CK-3801Y-RA271.exe
- Size
  
  11KB
- MD5
  
  f9bad6152f4986cb01d7701bfc99f7c8
- SHA1
  
  10543402cde89a96ad400bc1fe048dd7a854ec99
- SHA256
  
  8e82fb037b606bf25cf55bd40d74105ad0e38d7b3cfa85c6de48babb3dde7bfe
- SHA512
  
  8a136790d114acb1506d626e9e84dc721ff50ffa7c333d1bf3ab0de92196036679b0c177252b615ad204e3d5756ad17c71bb82a31363c0f5926fe765f463023a
- SSDEEP
  
  96:ZBtYEMHtebFX9q8nLkobKtRZYsYE7KkztSlAtUqUriBha3dWraqUQUCnhQDOzNt:ZVpX9qoL/bYTYfwzHtR8iBLXBnhQDI
Score

10^/10

agenttesla purecrypter collection downloader keylogger loader persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslapurecryptercollectiondownloaderkeyloggerloaderpersistencespywarestealertrojan

behavioral2

purecryptercollectiondownloaderloaderpersistencespywarestealer