agenttesla | c997f718eb93d92c99bc9c530d5c9fe386562aa061e8b123d332c86675525f05 | Triage

Sharing

General

Target

horizon.rar
Size

1.3MB
Sample

231207-w3nt2aff61
MD5

3ccb4cc857dda9d746a04d2998d5945f
SHA1

ec179fa38820a54d9c7f6444d20ea13e4240ee56
SHA256

c997f718eb93d92c99bc9c530d5c9fe386562aa061e8b123d332c86675525f05
SHA512

99c43fe257c3507b3e4fba52a4b5431bfa9dd0a702f6d7cd91559c5f26b0821ce686e138d563424e39fa0187d1113ba52245830627aaf2e32a5d989b89240d75
SSDEEP

24576:VrATxdDgfzEJXGTGkW1kSg7r5n/lKdmvKIiBDjf5xyPoWTImxCZmmJA:BodDgfzq2CkuGH5/USujryPzTI8Ge

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  horizon.rar
- Size
  
  1.3MB
- MD5
  
  3ccb4cc857dda9d746a04d2998d5945f
- SHA1
  
  ec179fa38820a54d9c7f6444d20ea13e4240ee56
- SHA256
  
  c997f718eb93d92c99bc9c530d5c9fe386562aa061e8b123d332c86675525f05
- SHA512
  
  99c43fe257c3507b3e4fba52a4b5431bfa9dd0a702f6d7cd91559c5f26b0821ce686e138d563424e39fa0187d1113ba52245830627aaf2e32a5d989b89240d75
- SSDEEP
  
  24576:VrATxdDgfzEJXGTGkW1kSg7r5n/lKdmvKIiBDjf5xyPoWTImxCZmmJA:BodDgfzq2CkuGH5/USujryPzTI8Ge
Score

3^/10
behavioral1 behavioral2
- Target
  
  horizon/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c19e9e6a4bc1b668d19505a0437e7f7e
- SHA1
  
  73be712aef4baa6e9dabfc237b5c039f62a847fa
- SHA256
  
  9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82
- SHA512
  
  b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de
- SSDEEP
  
  49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z
Score

1^/10
behavioral3 behavioral4
- Target
  
  horizon/Horizonxd.exe
- Size
  
  574KB
- MD5
  
  f8d73a50d31437aedef47e0ed19fa573
- SHA1
  
  a4e5c6433584a2c4e3f375463431661508e9c8b2
- SHA256
  
  49321843ed3390bb06ab43b65a08de67561cd346bbc6d12f40805bc6d1989151
- SHA512
  
  6a0b668e5e61f56278337007824da8dd86175eb464807683523adc4f70cba8450ce7ab11b6313f32efc7b1d03a57da831f8d2d750b081d6bff5d1ea7495af4fd
- SSDEEP
  
  12288:Wh9K94U6n47tG+mUgc84MV1ALbeJwWLW:H9Un47mUbMjVJwWq
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Legitimate hosting services abused for malware hosting/C2
behavioral5 behavioral6
- Target
  
  horizon/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  195ffb7167db3219b217c4fd439eedd6
- SHA1
  
  1e76e6099570ede620b76ed47cf8d03a936d49f8
- SHA256
  
  e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
- SHA512
  
  56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
- SSDEEP
  
  12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

agentteslakeyloggerspywarestealertrojan

behavioral6

agentteslakeyloggerspywarestealertrojan

behavioral7

behavioral8