agenttesla | ae8345d57eedca223e8a679b2f00cd5607065c061e2b7f557e4226065656baf1 | Triage

Sharing

General

Target

CRYSTAL_FREE_TEMP.rar
Size

701KB
Sample

240329-ng1mpsgd92
MD5

0899273eb0c7f273844e8b089a6291f6
SHA1

5cf74362ea1586d8a50d5f1877ca8fbb6f7ffea7
SHA256

ae8345d57eedca223e8a679b2f00cd5607065c061e2b7f557e4226065656baf1
SHA512

f28b41b788dcd1c73a153e6c376fbf78141f24d736b81f1542563a0185146828d9e3542ea197ea9e8f84439d966579b0e360ae291007bbcd2eb5495d976a3efa
SSDEEP

12288:V6iuMdOo+mtnJacilvsRMsX4gkNub6yjET7X3IsmVWbzZ9rH2XklyucX1:8iOo+mtJMvs6sX4z/xTxm0bzZdWXklyZ

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  CRYSTAL FREE TEMP/CRYSTAL FREE TEMP.exe
- Size
  
  162KB
- MD5
  
  4290e1fa2f3a89e1e7051f6724e2bb9c
- SHA1
  
  21a7127471fe6b11b98800042066020b74640daf
- SHA256
  
  faafe7e101f523c5903593bf66d983635b418e0e02bb31eecb5be4a6fa393b75
- SHA512
  
  63b07d2f10c5b300f6377f9820c217e67c95838c51b08dd7f9f82c43fe5af1b806c39808b5ee180667e7bc8277330eef5e119b2a5ab16a2aa2a2e7e3bc322856
- SSDEEP
  
  384:v3J79ssTOKfE8aVdpj7m1/4sI2R6gVA+s0lDPSP5tgVIkvwKwq6uOU/JPVUvsjL7:vA9+R6gC+7G5KtxPVp2r1S
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2 behavioral3
- Target
  
  CRYSTAL FREE TEMP/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c19e9e6a4bc1b668d19505a0437e7f7e
- SHA1
  
  73be712aef4baa6e9dabfc237b5c039f62a847fa
- SHA256
  
  9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82
- SHA512
  
  b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de
- SSDEEP
  
  49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z
Score

1^/10
behavioral4 behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

behavioral3

agentteslakeyloggerspywarestealertrojan

behavioral4

behavioral5

behavioral6