agenttesla | 535930bd0cd42da35da4bbbd15007f83e051a630141b0bcf6df50c2269ad3d27 | Triage

Resubmissions

04/07/2023, 13:16

230704-qhv5qadc96 10

04/07/2023, 13:11

230704-qe63tadc65 10

Sharing

General

Target

CookieEnjoyer.zip
Size

8.3MB
Sample

230704-qe63tadc65
MD5

2bbde533926544ac2c2f06bbd87594ff
SHA1

72b5f1d0dc7f87f4af85172671b25d18982033c1
SHA256

535930bd0cd42da35da4bbbd15007f83e051a630141b0bcf6df50c2269ad3d27
SHA512

a303b0c95e653508a119a5395ef969ec0e3ea5cab8ce60fa43a0094664094283cdee53c365578404093718a1b3351f17b9da66a8b5f59be1b90bb5150d998ebd
SSDEEP

196608:QMp0/bYAI1niAG+s9kuGLEB3+oWQ1kKa47MYf1V4tqSk:QR/bYAIJOHQLNQ2Xcf12u

Score

10^/10

agenttesla keylogger spyware stealer trojan vmprotect

Malware Config

Targets

- Target
  
  CookieEnjoyer.zip
- Size
  
  8.3MB
- MD5
  
  2bbde533926544ac2c2f06bbd87594ff
- SHA1
  
  72b5f1d0dc7f87f4af85172671b25d18982033c1
- SHA256
  
  535930bd0cd42da35da4bbbd15007f83e051a630141b0bcf6df50c2269ad3d27
- SHA512
  
  a303b0c95e653508a119a5395ef969ec0e3ea5cab8ce60fa43a0094664094283cdee53c365578404093718a1b3351f17b9da66a8b5f59be1b90bb5150d998ebd
- SSDEEP
  
  196608:QMp0/bYAI1niAG+s9kuGLEB3+oWQ1kKa47MYf1V4tqSk:QR/bYAIJOHQLNQ2Xcf12u
Score

1^/10
behavioral1 behavioral2
- Target
  
  CookieEnjoyer/CookieEnjoyer v1.1.exe
- Size
  
  6.4MB
- MD5
  
  37e8fb286293c922dbc9e2f3ab86daeb
- SHA1
  
  7ce220e39fa87ce401036073ad1c56b42e4fe527
- SHA256
  
  d492cc43ba9bb686b01f1e1ae964a9b84b525457abe8e2d6f90531208853920c
- SHA512
  
  19925b413c9c856e7537219753b4259e081e0a2dec4bee6d6c7e145d4e29352d22db5fe8b757cd39bca6d0111bc92ea707901ca562803580fab38b0ec9109ee4
- SSDEEP
  
  98304:IJe0BCC6QHZlyvKsKI3tuKy8gOfV4RYVrsk9N8ivyhAdsPSQxqcTqyiOWkqXf0FV:tgvUvRSQumVN8iNISTyXijkSIkK7
Score

10^/10

agenttesla keylogger spyware stealer trojan vmprotect
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  CookieEnjoyer/CookieEnjoyer v1.1.pdb
- Size
  
  55KB
- MD5
  
  52c5187ae8472cd27c8340942267c93e
- SHA1
  
  c5c84a1bc5ce7db2cb8514a2a9eb3e7ec57c0e24
- SHA256
  
  a383e3696f12d4591ae72576a134c9d8c5fd85c121b839f6183aff2a4433c365
- SHA512
  
  d68eb71cc8bef72ebbdfe9c6db71632969f2530a8f7935520892b3a207ba644fb71d1872b2dfcce251fe5c21ff7d33765ea759e9ab5d628b8d618f5062627724
- SSDEEP
  
  768:vjp+UTtURep0f972rYoRizNaCbmS5npWLNYIy:Weq7gT8gSZo5Xy
Score

3^/10
behavioral5 behavioral6
- Target
  
  CookieEnjoyer/EntityFramework.xml
- Size
  
  3.6MB
- MD5
  
  2ace5866fcaaac86235572c0cd188aca
- SHA1
  
  fef4f721c2f0d617c53731a6d28d3288cf6da114
- SHA256
  
  8c4535c843b75a5d441cfe98ed444b664b6f0d48c7cd9668d14b28ae597ff2c6
- SHA512
  
  16dd9ce838e4ccb4ea9cf4d62dae29d6fdbc5c74f2e4d7f7d32d09381562c3dfce5a230db4cd4359a5a8a5f7960504b7d10adbbce9a679019d2f49a1a4b1a8a4
- SSDEEP
  
  6144:iMZ0sHOLap7F3CeFlUmB9uWsSKjm30tzhJGEFim9dLlLRnWSynU759lknrfcHS0R:YwgoO6K7TMlXD2I8sjryyBnq3
Score

1^/10
behavioral7 behavioral8
- Target
  
  CookieEnjoyer/Newtonsoft.Json.xml
- Size
  
  696KB
- MD5
  
  d398ffe9fdac6a53a8d8bb26f29bbb3c
- SHA1
  
  bffceebb85ca40809e8bcf5941571858e0e0cb31
- SHA256
  
  79ee87d4ede8783461de05b93379d576f6e8575d4ab49359f15897a854b643c4
- SHA512
  
  7db8aac5ff9b7a202a00d8acebce85df14a7af76b72480921c96b6e01707416596721afa1fa1a9a0563bf528df3436155abc15687b1fee282f30ddcc0ddb9db7
- SSDEEP
  
  6144:XqqU+k/Rik5aG0rH3jGHdl0/IdHXpgVIeR0R+CRFo9TA82m5Kj+sJjoqoyO185QA:DU1
Score

1^/10
behavioral10 behavioral9
- Target
  
  CookieEnjoyer/System.Diagnostics.DiagnosticSource.xml
- Size
  
  28KB
- MD5
  
  5e91fe301415aced2f304f136a8ebd82
- SHA1
  
  31d457e46227f16286f7b52b728208de8970abbf
- SHA256
  
  1784132ae3698467a0985b2507d63bdcf19a7970afe3a39d86e36c018c98b29d
- SHA512
  
  6f99fccc2e35e4ba8d2054d4cb5787bb48ba4364d5181d59825400e6ed9f6a1318197810b3b908e726173ccfd4f23a1871417045174e160c7073c7adca831add
- SSDEEP
  
  384:VsKIrXkz1ukSA8Q3vK0mN2I5IiIjI7ImIWIHHtL90/6q6M:VsLA8Q3vK0HY6rM
Score

1^/10
behavioral11 behavioral12
- Target
  
  CookieEnjoyer/x64/SQLite.Interop.dll
- Size
  
  1.7MB
- MD5
  
  a73fdfb6815b151848257eca042a42ef
- SHA1
  
  73f18e6b4d1f638e7ce2a7ad36635018482f2c55
- SHA256
  
  10c9ccec863ed80850c7b7080e4f2e34b133ce259d1ae3ea7a305cebf6e2940d
- SHA512
  
  111f5a7bd916ab317fc127cbf49a2a81c2a614ce3a655a0446f2ebf3c2e61509db5633a391bef06c4ba0b58a71c752262ec2467a09abc56827263c647b08a09d
- SSDEEP
  
  24576:EpmVXSlb6q7SKjK2RMP1lfuqluu3cAG8WqMkXbbz38MJBbMNCoUpgLPNwEcIMK:6mVXy7SKjyfTFMwEkr3VJBbKCoUYt
Score

3^/10
behavioral13 behavioral14
- Target
  
  CookieEnjoyer/x86/SQLite.Interop.dll
- Size
  
  1.4MB
- MD5
  
  0792c1d3b4dc27c8a11be191e61f9276
- SHA1
  
  6d92350b14aa5ccccb321924215b135d2595fae9
- SHA256
  
  98b0e0e7cde328d21284687dd359e36a42d39a329d4353d3c39def990b46a18b
- SHA512
  
  126fdc341814f97fec2ed865eee7b84e4eb2888a784478f550b2fe929e088a8097c22ae888e21fd8209a8c91362ad5170aa5476d0f62962ef4d2577adbd80bf2
- SSDEEP
  
  24576:NecRi/7km9cyru8E+VaBMpgkTRs7cHnOKODwt4PVaDAcv4VM/0N/k6FtHH4hY9ID:1Ri/7kmDrZaU81wt4NeWiwrzFz6haM
Score

3^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

agentteslakeyloggerspywarestealertrojanvmprotect

behavioral4

spywarestealervmprotect

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16