agenttesla | 761cc48d25bd9921b8d978fd254d2795f665c7e0a8eb2e9210f4fedef15a4906 | Triage

Sharing

General

Target

logitechs.rar
Size

831KB
Sample

240310-vaqbqage24
MD5

be8d71d85dad972f20fef61e6dbd0852
SHA1

57c9cf48f04395bd4d6cc4587bd8bc050f582626
SHA256

761cc48d25bd9921b8d978fd254d2795f665c7e0a8eb2e9210f4fedef15a4906
SHA512

29528e75cd9c719a4fab84b59d9f264cb53a9ca52b97363f4f33b938d55cd7c45891dd0a5e0fedb747dfe90ea37d13c5af53f8fe2e6c3c28141bbc2a2993d6d2
SSDEEP

24576:3qrATxdDgfzEJXGTGkW1kSg7r3ZliJ9wtD:36odDgfzq2CkuGH3GJ9wl

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  logitechs.rar
- Size
  
  831KB
- MD5
  
  be8d71d85dad972f20fef61e6dbd0852
- SHA1
  
  57c9cf48f04395bd4d6cc4587bd8bc050f582626
- SHA256
  
  761cc48d25bd9921b8d978fd254d2795f665c7e0a8eb2e9210f4fedef15a4906
- SHA512
  
  29528e75cd9c719a4fab84b59d9f264cb53a9ca52b97363f4f33b938d55cd7c45891dd0a5e0fedb747dfe90ea37d13c5af53f8fe2e6c3c28141bbc2a2993d6d2
- SSDEEP
  
  24576:3qrATxdDgfzEJXGTGkW1kSg7r3ZliJ9wtD:36odDgfzq2CkuGH3GJ9wl
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c19e9e6a4bc1b668d19505a0437e7f7e
- SHA1
  
  73be712aef4baa6e9dabfc237b5c039f62a847fa
- SHA256
  
  9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82
- SHA512
  
  b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de
- SSDEEP
  
  49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z
Score

1^/10
behavioral3 behavioral4
- Target
  
  niggerspoofa.exe
- Size
  
  179KB
- MD5
  
  6407d82ff6635e7332d0b38b34bd389b
- SHA1
  
  b68a5d70bb8348bdbeaf9beda5ecb5a131809d45
- SHA256
  
  7d2465a5912fac5f2950156aa608e32fdeaace6176ebfcfb0c99049be6cbd58c
- SHA512
  
  1bbbf962bbfa7315cc3c2d406ada6a94fcd9c31bf794d473d7102fe2ffcd6b49e4bda0b81f1d7e78cac5d5e9f3d1eeea5c0b272627bc72d91f46ea7c4ba6a804
- SSDEEP
  
  3072:aR9wrCMT9szA4tOicW7t9m4WJE7aYgpTS5G8WqhbJyOyx7aYgY7aYgORqY:aDwWlAiLcW7tBWJE7IkJfS7IY7IKq
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral5 behavioral6
- Target
  
  niggerspoofa.exe.config
- Size
  
  189B
- MD5
  
  9dbad5517b46f41dbb0d8780b20ab87e
- SHA1
  
  ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e
- SHA256
  
  47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf
- SHA512
  
  43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8
Score

3^/10
behavioral7 behavioral8
- Target
  
  niggerspoofa.pdb
- Size
  
  43KB
- MD5
  
  ab54c1b0887ca205bbf059ba68dac913
- SHA1
  
  a62dfd3c016f7dda54fe52395a7663db2c0e9639
- SHA256
  
  37b43b319de3516bce0f25aab174465f9c6dbc418c314dcc33641d7d5b98f6eb
- SHA512
  
  9be61ce3099dc764ad6e16aec5462061178517eb70a94c7bf77166609ebd38a843b4dca5eab4a022812c438146d63f0fece56ca0fd0c4353b53aaa72b2a46211
- SSDEEP
  
  384:ES2UFt2UfQ2FBgB4riEC7AVBEC7Abergc9FnUPxs5fuF8EC7AaFJXQ20g4A:ES2UFt2UfQ2FBg65lwwf64dQ20g4
Score

3^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

agentteslakeyloggerspywarestealertrojan

behavioral6

agentteslakeyloggerspywarestealertrojan

behavioral7

behavioral8

behavioral9

behavioral10