agenttesla

General

Target

857cabdf843986bade93bb6882b28bd696727e57333880dabd1666745ae27305
Size

510KB
Sample

240328-bp4m4sce6t
MD5

2337534b5deaa7c40784d61ad8602b08
SHA1

c74b04ac76a83ad77a8c570fe670ccc9a5b7dfdb
SHA256

857cabdf843986bade93bb6882b28bd696727e57333880dabd1666745ae27305
SHA512

63bccd72dd7a5f83721b65c6219254748977887b7c1920d7aa49e10f5510aa9098beae2bda9b2f9439b1fb8da41a00f9c7d33fef21c53b34fc4adb914d113951
SSDEEP

12288:DlbPIiKP9/FOTzcxJkXwCbnIuX4cRljTJTSUXht/rDTo:5PIRDUgIbbIuocDTo

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
shark.ipchina163.com
Port:
587
Username:
[email protected]
Password:
=klKQ6APEoJ7

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
shark.ipchina163.com
Port:
587
Username:
[email protected]
Password:
=klKQ6APEoJ7
Email To:
[email protected]

Targets

- Target
  
  857cabdf843986bade93bb6882b28bd696727e57333880dabd1666745ae27305
- Size
  
  510KB
- MD5
  
  2337534b5deaa7c40784d61ad8602b08
- SHA1
  
  c74b04ac76a83ad77a8c570fe670ccc9a5b7dfdb
- SHA256
  
  857cabdf843986bade93bb6882b28bd696727e57333880dabd1666745ae27305
- SHA512
  
  63bccd72dd7a5f83721b65c6219254748977887b7c1920d7aa49e10f5510aa9098beae2bda9b2f9439b1fb8da41a00f9c7d33fef21c53b34fc4adb914d113951
- SSDEEP
  
  12288:DlbPIiKP9/FOTzcxJkXwCbnIuX4cRljTJTSUXht/rDTo:5PIRDUgIbbIuocDTo
Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Grnskollingernes237/pladsholderknudes.Fyr
- Size
  
  58KB
- MD5
  
  b727db78e2c5f3b1559e11ceef7af2fb
- SHA1
  
  622ee25305320a7c6c2f7e6b201d9c1204d00053
- SHA256
  
  07a3c1a8c29ae7eb5b17b815e3c470068313f9911bf890f58f68f43cb42f2d54
- SHA512
  
  19116eb53099a09bc314577f4954870ead121ee2c7818d0653973d30597abc7c9b698407583893b7171b40861aa279e5c619fbd640db9075ad4aa91fb2e62f36
- SSDEEP
  
  1536:5jGkMxf3C7xchyXU14f+sC+9ez04sV0TJZJ2wh9kvTEw:VA3NYR8Y4S0T/1Cgw
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4