agenttesla | c01119367072c1c37368da3c14e800e66f9e3f89d304612686ecad896af6daad | Triage

Submit
Reports

Overview

overview

Static

static

3

A08000143_...05.exe

windows7-x64

A08000143_...05.exe

windows10-2004-x64

Sharing

General

Target

A08000143_ESP_B64891013_ESP_823041009945_20230405.exe
Size

611KB
Sample

230606-pdqtrsea9s
MD5

8081970a212f3daf2249abb85384611c
SHA1

a186e350b3cd30fbe157077aed389aba452185e3
SHA256

c01119367072c1c37368da3c14e800e66f9e3f89d304612686ecad896af6daad
SHA512

aa5250760b0c6cdc727306a8f28144307903ad94a7d23c9c99522ae93569bfafb2f120aa59aecd5dc920334291b3584ef5642d10732633c37276b1f00d342dea
SSDEEP

12288:Uoqqqqqqqqqqqqqqqqqqqqq0qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqF:U12FGRxFukDzN

Score

10^/10

agenttesla guloader collection discovery downloader keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

A08000143_ESP_B64891013_ESP_823041009945_20230405.exe

Resource

win7-20230220-en

agenttesla guloader collection discovery downloader keylogger spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

A08000143_ESP_B64891013_ESP_823041009945_20230405.exe

Resource

win10v2004-20230220-en

agenttesla guloader downloader keylogger spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.phytomer.es
Port:
587
Username:
[email protected]
Password:
@Paqui0033-*
Email To:
[email protected]

Targets

- Target
  
  A08000143_ESP_B64891013_ESP_823041009945_20230405.exe
- Size
  
  611KB
- MD5
  
  8081970a212f3daf2249abb85384611c
- SHA1
  
  a186e350b3cd30fbe157077aed389aba452185e3
- SHA256
  
  c01119367072c1c37368da3c14e800e66f9e3f89d304612686ecad896af6daad
- SHA512
  
  aa5250760b0c6cdc727306a8f28144307903ad94a7d23c9c99522ae93569bfafb2f120aa59aecd5dc920334291b3584ef5642d10732633c37276b1f00d342dea
- SSDEEP
  
  12288:Uoqqqqqqqqqqqqqqqqqqqqq0qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqF:U12FGRxFukDzN
Score

10^/10

agenttesla guloader collection discovery downloader keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaguloadercollectiondiscoverydownloaderkeyloggerspywarestealertrojan

behavioral2

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy