agenttesla

General

Target

ORDINE N. 7899029032024.iso
Size

99KB
Sample

240329-l8xn1see9s
MD5

bbf3cdd2658142fff4e3d7f661be17a8
SHA1

c9ec0be415772160f6d21d71e1472688ce2301d3
SHA256

8002762c521651655d972ec4f68027e69059be75963831d61cccfa0415a06b7a
SHA512

83ce468efa6b7f5321d6f1d0ea4d39b2bff52bf3a5fea3eed7d7344369cf4e9dd0c7230f0068f85f3ab03138f40d168d167d8c6b04727be9146b10cccb678642
SSDEEP

768:ox0tgBlVTWAZGc8NnKwiQcpYdzvBLJ2hk0DbzS3DEa:GJ9qNnKwrTBLivDbz

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.hostit.bg
Port:
587
Username:
[email protected]
Password:
123kzu456

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.hostit.bg
Port:
587
Username:
[email protected]
Password:
123kzu456
Email To:
[email protected]

Targets

- Target
  
  ORDINE N. 7899029032024.iso
- Size
  
  99KB
- MD5
  
  bbf3cdd2658142fff4e3d7f661be17a8
- SHA1
  
  c9ec0be415772160f6d21d71e1472688ce2301d3
- SHA256
  
  8002762c521651655d972ec4f68027e69059be75963831d61cccfa0415a06b7a
- SHA512
  
  83ce468efa6b7f5321d6f1d0ea4d39b2bff52bf3a5fea3eed7d7344369cf4e9dd0c7230f0068f85f3ab03138f40d168d167d8c6b04727be9146b10cccb678642
- SSDEEP
  
  768:ox0tgBlVTWAZGc8NnKwiQcpYdzvBLJ2hk0DbzS3DEa:GJ9qNnKwrTBLivDbz
Score

3^/10
behavioral1 behavioral2
- Target
  
  out.iso
- Size
  
  99KB
- MD5
  
  bbf3cdd2658142fff4e3d7f661be17a8
- SHA1
  
  c9ec0be415772160f6d21d71e1472688ce2301d3
- SHA256
  
  8002762c521651655d972ec4f68027e69059be75963831d61cccfa0415a06b7a
- SHA512
  
  83ce468efa6b7f5321d6f1d0ea4d39b2bff52bf3a5fea3eed7d7344369cf4e9dd0c7230f0068f85f3ab03138f40d168d167d8c6b04727be9146b10cccb678642
- SSDEEP
  
  768:ox0tgBlVTWAZGc8NnKwiQcpYdzvBLJ2hk0DbzS3DEa:GJ9qNnKwrTBLivDbz
Score

1^/10
behavioral3 behavioral4
- Target
  
  ORDINE N. 7899029032024.wsf
- Size
  
  38KB
- MD5
  
  e6c28d00af313e5553809980509c5621
- SHA1
  
  dfd516eecc849ff1d2a689752661fb743d3d9fd7
- SHA256
  
  1e72fac88549ccdbeffb180cd10f1b0a6a2edcadf1a97294f2e199aab28f3372
- SHA512
  
  64b654fa5b1efc31d0d6d55b114b9c68c488b1438899a4a257f24aa31c279f13b59a6f1e976301f055503c7720e942a7d3325fa90014aeb7f3bcf3a06049de8a
- SSDEEP
  
  768:/0tgBlVTWAZGc8NnKwiQcpYdzvBLJ2hk0DbzS3DEa7:pJ9qNnKwrTBLivDbzO
Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Guloader,Cloudeye

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6