agenttesla | 3a268c683729ba9c5975d4f8e63bb6cfe984cb6b66f5339b22ebf03743cc6d05 | Triage

Submit
Reports

Overview

overview

Static

static

1

3a268c6837...05.exe

windows7-x64

7

3a268c6837...05.exe

windows10-2004-x64

Sharing

General

Target

3a268c683729ba9c5975d4f8e63bb6cfe984cb6b66f5339b22ebf03743cc6d05
Size

668KB
Sample

231208-ckmpgahh9z
MD5

8e0d4e580ae0361aef902eb9f2e952ff
SHA1

20ab04747e22eb1ff6cb8956cebf2f1876add6f1
SHA256

3a268c683729ba9c5975d4f8e63bb6cfe984cb6b66f5339b22ebf03743cc6d05
SHA512

84caa76bc127159aa4a5caf807ebd8a85e62c1ca117dbd5c28bb17e6e76c2b426298dd091d4c5503dbace3a41d8c57bcef4bc9d71773832abf71ae7ddb6c2351
SSDEEP

12288:s1CSfMlEPbEQwDLniL98GcVkTxFy/zTvfCVcyo/s52eACTT:ofMlEPbEQMLkZoiVX

Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

3a268c683729ba9c5975d4f8e63bb6cfe984cb6b66f5339b22ebf03743cc6d05.exe

Resource

win7-20231020-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a268c683729ba9c5975d4f8e63bb6cfe984cb6b66f5339b22ebf03743cc6d05.exe

Resource

win10v2004-20231130-en

agenttesla guloader downloader keylogger spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.etasimali.com
Port:
587
Username:
[email protected]
Password:
RECRUTEMENT@2023
Email To:
[email protected]

Targets

- Target
  
  3a268c683729ba9c5975d4f8e63bb6cfe984cb6b66f5339b22ebf03743cc6d05
- Size
  
  668KB
- MD5
  
  8e0d4e580ae0361aef902eb9f2e952ff
- SHA1
  
  20ab04747e22eb1ff6cb8956cebf2f1876add6f1
- SHA256
  
  3a268c683729ba9c5975d4f8e63bb6cfe984cb6b66f5339b22ebf03743cc6d05
- SHA512
  
  84caa76bc127159aa4a5caf807ebd8a85e62c1ca117dbd5c28bb17e6e76c2b426298dd091d4c5503dbace3a41d8c57bcef4bc9d71773832abf71ae7ddb6c2351
- SSDEEP
  
  12288:s1CSfMlEPbEQwDLniL98GcVkTxFy/zTvfCVcyo/s52eACTT:ofMlEPbEQMLkZoiVX
Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy