agenttesla | 52956935c2cfda3595e58626d19c945ae23254fdc558fe1e3e5179c50d459e9c | Triage

Sharing

General

Target

nixware.rar
Size

1.4MB
Sample

240419-pmne1acb39
MD5

54119a068e3471bac0c1c31df2e20090
SHA1

e79c0596cca33bd18c849c46e726e495c8acfa3d
SHA256

52956935c2cfda3595e58626d19c945ae23254fdc558fe1e3e5179c50d459e9c
SHA512

3fe693d5b75be8fcd742fb5048c28daff06e3ce8e4913c47a90939e5fd41c8d0577b62b06d1e5f6060ca4428814bb6ad393a4c2407fb6e5579b9f9a126f2e283
SSDEEP

24576:jrATxdDgfzEJXGTGkW1D8dH7qgqEmZFKyAhkjv1FtA1kT3zcf7sBKemTDnv8GGEY:3odDgfzq2Cku45Pm2yfjv17AuSQBwn0f

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c19e9e6a4bc1b668d19505a0437e7f7e
- SHA1
  
  73be712aef4baa6e9dabfc237b5c039f62a847fa
- SHA256
  
  9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82
- SHA512
  
  b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de
- SSDEEP
  
  49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z
Score

1^/10
behavioral1
- Target
  
  Siticone.UI.dll
- Size
  
  1.3MB
- MD5
  
  2474124f9a70301411e5a42caa0225f6
- SHA1
  
  23c561479001148931601b14889d0c10c1420e85
- SHA256
  
  283346e95883d2c51743b725ecd41f2afd97adbbf86ec9d9735072505d5726b4
- SHA512
  
  a4c798779674fefde60b87cb7b57f1b7b723649189ce7f89e6993b1ee84e84c18eb5f97fce4a531fe8f361fa4ecda79e482f57f695b968e9543345cc40e321ff
- SSDEEP
  
  24576:RVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8g:H8NlaVeuHF
Score

4^/10
behavioral2
- Target
  
  nixware.exe
- Size
  
  628KB
- MD5
  
  3736bc893ee1f794f99137cf40264e60
- SHA1
  
  4a7734204d5d51c86db2553d29a17a5dea1d0e8f
- SHA256
  
  b3372ae98fa4d179c7db430d89d588aca2288819851e88c507ccdf4be9c7e262
- SHA512
  
  1d236c0ffe68a4df82f2026b59d505a42293118f3169c5ba96d955b0a80b733125092167075b96ba91aa1bad26cd1233ac6a5e536d22d0dc2302900195e60cbf
- SSDEEP
  
  12288:Q36LbOlZAbkrB+714Xih1r8lXjFkrB+714Xih1r8lXj:Q96bw+7Brr8lXpw+7Brr8lX
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

agentteslakeyloggerspywarestealertrojan