agenttesla

Resubmissions

15/03/2024, 09:48

240315-lswf1sfd93 10

Sharing

Copy URL Twitter E-mail

General

Target

16024396335.zip
Size

269KB
Sample

240315-lswf1sfd93
MD5

93ae26b5d0dfaf2b73404e7e0421280a
SHA1

b7e482ad7d42f5827729d25f35ad3aea1e505bc3
SHA256

ebb087cd8eda272ea47f667d231e6d3ac97b76d089916dbe881a1cf5b50791d6
SHA512

cae043fbc4a09f129153f297d34091d597d42f352c08018e2a560b3d30f851f87b05dc06ff7cc5811763d6efc92fc1f6bcd719aafbadb2715b51cfca45ffb829
SSDEEP

6144:B//XS+1MaEoVo9h7DAiNhlqnRpBgeH6uk5wuE6iQou2FhrPqZiEOUT:1anhNlNhlqR6xRWQou2repXT

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.fis-uae.com.ng
Port:
587
Username:
[email protected]
Password:
Big2024maxxymaxx2024
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.fis-uae.com.ng
Port:
587
Username:
[email protected]
Password:
Big2024maxxymaxx2024

Targets

- Target
  
  16024396335.zip
- Size
  
  269KB
- MD5
  
  93ae26b5d0dfaf2b73404e7e0421280a
- SHA1
  
  b7e482ad7d42f5827729d25f35ad3aea1e505bc3
- SHA256
  
  ebb087cd8eda272ea47f667d231e6d3ac97b76d089916dbe881a1cf5b50791d6
- SHA512
  
  cae043fbc4a09f129153f297d34091d597d42f352c08018e2a560b3d30f851f87b05dc06ff7cc5811763d6efc92fc1f6bcd719aafbadb2715b51cfca45ffb829
- SSDEEP
  
  6144:B//XS+1MaEoVo9h7DAiNhlqnRpBgeH6uk5wuE6iQou2FhrPqZiEOUT:1anhNlNhlqR6xRWQou2repXT
Score

1^/10
behavioral1 behavioral2
- Target
  
  d57d6ee71d3e0a161bdadd309300d5e7d1129af61886889a8b197addea8617a7
- Size
  
  291KB
- MD5
  
  d26ec10d5be6b25f879fc0c9f91d65b5
- SHA1
  
  230049e849f93203c35f581e662181cf583379fe
- SHA256
  
  d57d6ee71d3e0a161bdadd309300d5e7d1129af61886889a8b197addea8617a7
- SHA512
  
  6522638195072c233468f12ff32753ae9737a919b7d90f131c5d2063ee74273c489c77190a733d69670edad72a7fc1195c01915cbc7d43374452cf40df684a36
- SSDEEP
  
  6144:fuTFsSgr/bMXZbqx2ulmOgyeNuw3VXgF6kXRYncUg+4SnbF4:mThGbMX9W2ulmOIZg6kBQESnC
Score

5^/10
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  shipping documents.zip
- Size
  
  254KB
- MD5
  
  a536d6ba24600779227241e0022249cc
- SHA1
  
  edde9111494e80a13e95471ae03e524108a65a0a
- SHA256
  
  d1ec6657e32505edc59ca8705a506c7fda91b6b8b19e1f8802db573f5b268ffe
- SHA512
  
  80540a2e696b8f9718c40d16c37bec0da5c5513ba7697e7fbeb2fe340d0baa548c90bac8fcded91c7dddeaadbdc53d78bcb658aee70c396692aeb1879436f54c
- SSDEEP
  
  6144:9Sgr/bMXZbqx2ulmOgyeNuw3VXgF6kXRYncUg+4SnbF4L:YGbMX9W2ulmOIZg6kBQESnCL
Score

1^/10
behavioral5 behavioral6
- Target
  
  FILE072024.exe
- Size
  
  340KB
- MD5
  
  b9f9bcdea392c69e0ae52b21249ebae7
- SHA1
  
  e53b2226e99553057457c0cbb00a6228e47239fb
- SHA256
  
  db8e59274891184242f029e9db38f965c7aebcc50c65d6899568a48c36098166
- SHA512
  
  3ff8ae35e966a1ba2eec719983f80ed067c6e242fe12e12b04b087fec91c3631af77015632c4411ba106832ef9101654247062a0be603d9f70905c40c1295ecd
- SSDEEP
  
  6144:gOXzo08c9RvPIYz/7bPYTUcw4dg0UZ6dLeqWoG2JK1rSZTRJ8zQdS+WO28:PoaRvh7+Ucw42fZ6dCDzgEyRJsR+i8
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Drops file in System32 directory

Reads WinSCP keys stored on the system

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8