agenttesla | 451a0de15470d3acfe3e3d546462ac55676d806336d3452ac1bc7ffe6f47cfd4 | Triage

Sharing

General

Target

16210869862.zip
Size

17KB
Sample

240327-xm1z4aaa56
MD5

76bcec4047124ebde7d6fd726437ec4f
SHA1

50181c58d4e7ee49da73b16538c10c49ad47bd57
SHA256

451a0de15470d3acfe3e3d546462ac55676d806336d3452ac1bc7ffe6f47cfd4
SHA512

4b6608bc32fdfc608f5b8ef3f4e5cb4a68388db993801bcda2d7153d6e0f036c82c0d71b184852e50cbcddfef6b39b78c7f98896ad27e1bd15c7caf62fab17f8
SSDEEP

384:xjCDf2oXTXrOW3fzi6GJ22xOeNLKJnsoKlUoRoB1N7pToPuEfnnM4qFWw:xjCDflXfXfzwN2JsTRy1Nm9nnVw

Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.tecniseal.es
Port:
587
Username:
[email protected]
Password:
12348*tecniseal
Email To:
[email protected]

Targets

- Target
  
  Richiesta di preventivo_RFQ20242703_pdf.vbs
- Size
  
  38KB
- MD5
  
  883530fd75a356dad534bdb7aa39e947
- SHA1
  
  2f7cd81fb69b269273068bc97a012216f67e35d0
- SHA256
  
  5212ef58efb4b855a2aaf4bbaf81a4912810982631e2afaf246963fea954fe64
- SHA512
  
  53d804000f64091fd407747262d011c5d73d892be9cf137d1466bd4150bebb0851fdc11e6937163e845ec3cb7e6929e10e8601833d20fa75e126dbf1a2f46362
- SSDEEP
  
  768:u0ygBLXWAZGc8NnKwiQ6x/dSNQT1AOBG/m:Z3qNnKwKLTBB
Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

behavioral2

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan