agenttesla | 828f0156ae852886281809e14b96e9c55a6dbeb6a75eb512530f7fd0bea02038 | Triage

Submit
Reports

Overview

overview

Static

static

1

d79dbb236b...86.xls

windows7-x64

d79dbb236b...86.xls

windows10-2004-x64

1

Sharing

General

Target

a864acb83b3a238490b5019c40695ee6.bin
Size

912KB
Sample

230331-cajj3ahf31
MD5

6461ba95d4289a4849a64d89c75cada7
SHA1

b9262f950a1d5f4e226c494d340e96e2668d4b74
SHA256

828f0156ae852886281809e14b96e9c55a6dbeb6a75eb512530f7fd0bea02038
SHA512

5bc6c68245d0079fdde67e24c58cb7ab12c7feb857faa1f24519c51ace8f8ccf22132605373b799130c7291856d71852ac5ea07830f23dcaeb1309f4d27c3d6c
SSDEEP

24576:UeGIld+hNpm+a/n3VGVzqUP22OXi4cfEdEsk:UO4pmlQVuaXOy4cMeN

Score

10^/10

agenttesla purecrypter collection downloader keylogger loader spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

d79dbb236bd0f95b5fc44b696c7dc098b42519931778080040a73b9eaf57ee86.xls

Resource

win7-20230220-en

agenttesla purecrypter collection downloader keylogger loader spyware stealer trojan

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

d79dbb236bd0f95b5fc44b696c7dc098b42519931778080040a73b9eaf57ee86.xls

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

purecrypter

C2

http://192.3.215.60/uo7/Zkbscbhcbcv.png

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.tecnowares.com
Port:
587
Username:
m.auletta@tecnowares.com
Password:
pY$WNuY3@@wed
Email To:
eretih@tecnowares.com

Targets

- Target
  
  d79dbb236bd0f95b5fc44b696c7dc098b42519931778080040a73b9eaf57ee86.xls
- Size
  
  1.0MB
- MD5
  
  a864acb83b3a238490b5019c40695ee6
- SHA1
  
  813dcac587b12d1b197772493ad1ba521bdf7992
- SHA256
  
  d79dbb236bd0f95b5fc44b696c7dc098b42519931778080040a73b9eaf57ee86
- SHA512
  
  340d6bdad0494baa89a08d1c6923d112928734f1f3fea8eb74ea3088a5a4fe17f4395f463ea5c395e6523900dddeeaff13a1afc96ad0c7fd219b148b3dea63d3
- SSDEEP
  
  24576:oLK3SSMMednEwakAmmjmRakAmmjmF+MXUK3eT2222222222222222222222i2LN:oLKBM7aaoeaaoW+MXih
Score

10^/10

agenttesla purecrypter collection downloader keylogger loader spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslapurecryptercollectiondownloaderkeyloggerloaderspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy