agenttesla | 86e6cd3d2fb55232cbac7aedf7a0078eecddfece6dfde4e6566216a057acacfa | Triage

Submit
Reports

Overview

overview

Static

static

1

RFQ2024032...le.vbs

windows7-x64

RFQ2024032...le.vbs

windows10-2004-x64

7

Sharing

General

Target

RFQ20240327_Lista commerciale.vbs
Size

39KB
Sample

240328-h1jweach72
MD5

9300a9eba698df3fa841738aa1ee2153
SHA1

cc76797e0fb68f86bfc3b509e0fb25b66e666f84
SHA256

86e6cd3d2fb55232cbac7aedf7a0078eecddfece6dfde4e6566216a057acacfa
SHA512

4682cc200b193fea5280a54e2007bf1158ab3ea039eec76b62e0b2a7cc2083fa4cf7d919bdfa27c3a80aa989e6eb2db458ae2d168830de7be8ff57ef3a2a0042
SSDEEP

768:u0zgB8X2WAZGc8NnKwiQwR5T1dPA1aRtg:4+QqNnKwY3BK1aRO

Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ20240327_Lista commerciale.vbs

Resource

win7-20240215-en

agenttesla guloader downloader keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

RFQ20240327_Lista commerciale.vbs

Resource

win10v2004-20240226-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.inkomech.com
Port:
587
Username:
amir.hussin@inkomech.com
Password:
Amir@2021

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.inkomech.com
Port:
587
Username:
amir.hussin@inkomech.com
Password:
Amir@2021
Email To:
williamslucy570@gmail.com

Targets

- Target
  
  RFQ20240327_Lista commerciale.vbs
- Size
  
  39KB
- MD5
  
  9300a9eba698df3fa841738aa1ee2153
- SHA1
  
  cc76797e0fb68f86bfc3b509e0fb25b66e666f84
- SHA256
  
  86e6cd3d2fb55232cbac7aedf7a0078eecddfece6dfde4e6566216a057acacfa
- SHA512
  
  4682cc200b193fea5280a54e2007bf1158ab3ea039eec76b62e0b2a7cc2083fa4cf7d919bdfa27c3a80aa989e6eb2db458ae2d168830de7be8ff57ef3a2a0042
- SSDEEP
  
  768:u0zgB8X2WAZGc8NnKwiQwR5T1dPA1aRtg:4+QqNnKwY3BK1aRO
Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy