agenttesla | 275c5642252d7cd2c4a8dd5b80acd3a3b2492d9565cdfa035ffe7d777f4e4c1f | Triage

Sharing

General

Target

Revised PO_2024030122_pdf.7z
Size

15KB
Sample

240305-k8hdnabc8y
MD5

b44664608afa42eb31a18e8e79bb783e
SHA1

927a021760b5c6992b0c8f1ba2b109517c65bb9f
SHA256

275c5642252d7cd2c4a8dd5b80acd3a3b2492d9565cdfa035ffe7d777f4e4c1f
SHA512

0b860c2258194bbaaf27988d2332d445da5fce5a6b10d620b6ad550c967e88a68dbe8b1ae7cfb11a9cf9dbfad68ace39e3f230973c501f3efe1ae376dd0cf6e5
SSDEEP

384:FsDCQp8LahUnvvUz8UVdx/i2CnGfAAcqvC9LSuaHl0+:FsDCq8Nnaxq2CGfAusFaF0+

Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.crane-eletronics.com
Port:
587
Username:
[email protected]
Password:
peFyHns8
Email To:
[email protected]

Targets

- Target
  
  arbejdsommere.vbs
- Size
  
  26KB
- MD5
  
  f8577629aeb64e251b9cb1e099e714d0
- SHA1
  
  5f0a623045c49b2d7ae72bcbd66ada317e4f03e2
- SHA256
  
  8d506a06bb82e85988a2b5be1e4ec782667ef2b5252f16a46adcc75e92077ef7
- SHA512
  
  52d6f17ce06caeaa1871a510d323598fe13fb67dacc6d01eb538bf0ad329e37fac28e33e27cf29725c08a3f40fb3a6042df5d6372dbcc499f9e00c932b69479c
- SSDEEP
  
  768:qaIZCEG9cNFeKAqIqBW2MQK/fFXSiPwKYv:2CJcviqzjOSiPwjv
Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

behavioral2