agenttesla

General

Target

DHL RPA GRBP Template.pdf.exe
Size

13KB
Sample

230619-rg9gdsed63
MD5

0aa04f249eaece97140ad4ff7bc00420
SHA1

4cb79679a05b197ba21489fc362e0d91ae2c3b06
SHA256

9ed9d37ed2bad5f93fe5f80d396c6a075be44a60312ea033a8d4eb3be772b4f9
SHA512

e5a4e704f9919d55398bfb9fe3f98729084b531d4ffaf5ccf59eef83b190827f8d80c60e0e676d56c36bdff019499483b10851288b2f84f922f18c182b4b5599
SSDEEP

192:k0OejvqLK915glsNhYkCeXicN+gp7cCBR2D9UFay:klLaTglsNvCeXicNrZO9UFa

Score

10^/10

Malware Config

Extracted

Family

purecrypter

C2

https://onedrive.live.com/download?cid=0D0FBFD7EE8A13AB&resid=D0FBFD7EE8A13AB%21212&authkey=AAMJbAVJ3CQXG7o

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6261426177:AAGKVvStJVx3AbPod6gVs0gLfIFG75EuCzc/

Targets

- Target
  
  DHL RPA GRBP Template.pdf.exe
- Size
  
  13KB
- MD5
  
  0aa04f249eaece97140ad4ff7bc00420
- SHA1
  
  4cb79679a05b197ba21489fc362e0d91ae2c3b06
- SHA256
  
  9ed9d37ed2bad5f93fe5f80d396c6a075be44a60312ea033a8d4eb3be772b4f9
- SHA512
  
  e5a4e704f9919d55398bfb9fe3f98729084b531d4ffaf5ccf59eef83b190827f8d80c60e0e676d56c36bdff019499483b10851288b2f84f922f18c182b4b5599
- SSDEEP
  
  192:k0OejvqLK915glsNhYkCeXicN+gp7cCBR2D9UFay:klLaTglsNvCeXicNrZO9UFa
Score

10^/10

purecrypter downloader loader agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

PureCrypter

Checks computer location settings

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2