agenttesla | 161609895630cb16c5cb3065faf62a3bcb50b211a7ef6cc967103072174e5846 | Triage

Resubmissions

12-12-2023 00:26

231212-aq91vabgek 10

12-12-2023 00:22

231212-an1pdsdac8 10

Sharing

General

Target

Docu4000179.tar
Size

654KB
Sample

231212-aq91vabgek
MD5

8840e7f23f488cb9d315c3284c0045e8
SHA1

e3f37da391244e2140a4c6236c6ef973068d84df
SHA256

161609895630cb16c5cb3065faf62a3bcb50b211a7ef6cc967103072174e5846
SHA512

e256281ba9953530c1cce53818b218a2c0738da2d58afa9b0cd25c913331904eabb0575a49f048a483becd9c1f0fe354dcaf6a0587df3436e5f061b4c655d201
SSDEEP

12288:ZI/yvwAlXzTsEzs4oPYXVyZF+nZKSPmQ5Ad40ErFdosyYO3KqfVDmlc+eDBhOoLr:ZvPsEzsrAXVyn+EkmQydUFvyYO/xmu+c

Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
server1.sqsendy.shop
Port:
587
Username:
[email protected]
Password:
dM=st7.q6yhZ

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
server1.sqsendy.shop
Port:
587
Username:
[email protected]
Password:
dM=st7.q6yhZ
Email To:
[email protected]

Targets

- Target
  
  Docu4000179.exe
- Size
  
  775KB
- MD5
  
  0b53fa5cecea0dcd84a3c4b1bd46544c
- SHA1
  
  18174fce423ef109b25b378f73d01a2a4104a8a4
- SHA256
  
  e0b23d87a5972492b5b4bffa27ff71964b38ff2b9ae1faf971f0bfeb8df11cd8
- SHA512
  
  2adcf580384bc8daa99ad8b2eb5b8120d0abf3dab4b1c082fbd09a70af4f20ce2103ddfdbbd5293d39e911179906ed7256b0973a36ab83b3d1045461ed034242
- SSDEEP
  
  12288:QqwwbXXy2Un0q98x+PaoD2zO5eMtIHtmYzkZCyYo/hyBfzj7ELAplrOeC/z3bAdJ:jLypRS+PHO5MsYBZN4fv7EKrD+zLAdJ
Score

10^/10

agenttesla keylogger spyware stealer trojan guloader downloader
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan