agenttesla | 5df3a5073fc1a14936a0227e2674ecdc580c804e117463a40b417a54334e04cc | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

5df3a5073fc1a14936a0227e2674ecdc580c804e117463a40b417a54334e04cc
Size

88KB
Sample

230331-nfkvvshd54
MD5

7f9a558c286182185482a0406820c176
SHA1

cf775bb563c0329d9eb9cdbb0ac7768a107ae3bd
SHA256

5df3a5073fc1a14936a0227e2674ecdc580c804e117463a40b417a54334e04cc
SHA512

8a81d9a5d461e065be9c079ff0df63c87bd2d8d4c2d9d38c14de2968ec9fbe6187697601ee7fed55669e2c2d840a7656fcd68fd1bfcbc1eb33a3581597ac014e
SSDEEP

1536:nM7ZZ5X8Aq/pXM+C+tapLO4il11LRt9N7A:Mt/X8Aq/pXM+C+twLOjft9N7A

Score

10^/10

agenttesla purecrypter collection downloader keylogger loader spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5df3a5073fc1a14936a0227e2674ecdc580c804e117463a40b417a54334e04cc.exe

Resource

win10v2004-20230221-en

agenttesla purecrypter collection downloader keylogger loader spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

purecrypter

C2

http://192.3.215.60/uo7/Zkbscbhcbcv.png

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.tecnowares.com
Port:
587
Username:
m.auletta@tecnowares.com
Password:
pY$WNuY3@@wed
Email To:
eretih@tecnowares.com

Targets

- Target
  
  5df3a5073fc1a14936a0227e2674ecdc580c804e117463a40b417a54334e04cc
- Size
  
  88KB
- MD5
  
  7f9a558c286182185482a0406820c176
- SHA1
  
  cf775bb563c0329d9eb9cdbb0ac7768a107ae3bd
- SHA256
  
  5df3a5073fc1a14936a0227e2674ecdc580c804e117463a40b417a54334e04cc
- SHA512
  
  8a81d9a5d461e065be9c079ff0df63c87bd2d8d4c2d9d38c14de2968ec9fbe6187697601ee7fed55669e2c2d840a7656fcd68fd1bfcbc1eb33a3581597ac014e
- SSDEEP
  
  1536:nM7ZZ5X8Aq/pXM+C+tapLO4il11LRt9N7A:Mt/X8Aq/pXM+C+twLOjft9N7A
Score

10^/10

agenttesla purecrypter collection downloader keylogger loader spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslapurecryptercollectiondownloaderkeyloggerloaderspywarestealertrojan

© 2018-2024

Terms | Privacy