agenttesla | 3d668ae44d21f18c8b8eaa80a1421ccbae3922d7a904176f8be30a5be0cdef9e | Triage

Sharing

General

Target

62785703dbd48226259b994a57c0842c_JaffaCakes118
Size

415KB
Sample

240521-h3w9hscg5x
MD5

62785703dbd48226259b994a57c0842c
SHA1

395a5b5954fd1c3edf300df1ceb4af2c3fe66ad9
SHA256

3d668ae44d21f18c8b8eaa80a1421ccbae3922d7a904176f8be30a5be0cdef9e
SHA512

dc4c79751b6239fe2c601a41d30680ade2e665b036831814e52bd9160a806375aa050d91e103c3fb36ea619e3861635317d0df477be67d40454a7e9626215dbf
SSDEEP

12288:1gEva024dkrtvE/9chdxtZgFD5lKDhN3bAaY4LdInIGiwCGZ:AOdqtsl2ZgFDHaZbAQLzA

Score

10^/10

agenttesla collection execution keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.arabianwebdesigner.com
Port:
587
Username:
[email protected]
Password:
ax~GmL390[b%

Targets

- Target
  
  62785703dbd48226259b994a57c0842c_JaffaCakes118
- Size
  
  415KB
- MD5
  
  62785703dbd48226259b994a57c0842c
- SHA1
  
  395a5b5954fd1c3edf300df1ceb4af2c3fe66ad9
- SHA256
  
  3d668ae44d21f18c8b8eaa80a1421ccbae3922d7a904176f8be30a5be0cdef9e
- SHA512
  
  dc4c79751b6239fe2c601a41d30680ade2e665b036831814e52bd9160a806375aa050d91e103c3fb36ea619e3861635317d0df477be67d40454a7e9626215dbf
- SSDEEP
  
  12288:1gEva024dkrtvE/9chdxtZgFD5lKDhN3bAaY4LdInIGiwCGZ:AOdqtsl2ZgFDHaZbAQLzA
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2
- Target
  
  $TEMP/35.opends60.dll
- Size
  
  57B
- MD5
  
  b330e04d27f2b76246c9401bb9df8405
- SHA1
  
  fea5928cf1704d14ee717bb703c65aedfb194751
- SHA256
  
  99e399e564c46308a2ec22a427f5338433a820c09ff559c8f6488be9199ed1ad
- SHA512
  
  b07555fa3fb5e11e91583c28922f5a59f09e0cc8244b3bc5e62cfc231cd4a4da080f0653d404ca9a8ab332f61e393ed17235858e84dca0578f8ae51e9b5f30a9
Score

1^/10
behavioral3 behavioral4
- Target
  
  $TEMP/Ombudsman.dll
- Size
  
  59KB
- MD5
  
  0af19ccbe32fdcd21131b088b20b2707
- SHA1
  
  bee2b5257175d3184adc035c3a4f2f79a0058016
- SHA256
  
  1454042d93c71f7d9b802e93d50801d0e43cdae11cfc26c113185c1055062f90
- SHA512
  
  3a2e491ee1e6c4836a445d417932f65f92c2e0ff686391e58c1fbc382503e97c52037d48c19a93eb98c8861c0af4237aaa187ea62da1c9287086d0f5b9d94a07
- SSDEEP
  
  768:4SsgRWu/FOPf7qhxLmnTEDN3vyWColJkiPAQNsMhAqd6qrZdSCHaYo20E9GDeagN:bJUWW7WiTe2OSrpn/LD
Score

1^/10
behavioral5 behavioral6
- Target
  
  $TEMP/PermCalc.exe
- Size
  
  28KB
- MD5
  
  c2efc9fcbbf2d6952110fea17841b71e
- SHA1
  
  4860494e79e88beacb0155584056699adb073f44
- SHA256
  
  57f248daa64d83c215189a3d38b9692f93125273ee046328febe33e69df01ded
- SHA512
  
  5aa7033b6b9de91c309554b354d47d63c08d15d4d5ebe4ac6e98e059873c74149c869dea731a2754ca31dee526f27221cd210555693e5f6886cc26d271f39ae0
- SSDEEP
  
  384:xL8f6BoGrFTth3SAUnZV7OKAyXSKglWYbW:98iBoGxtSHqKgB
Score

1^/10
behavioral7 behavioral8
- Target
  
  $TEMP/TreeCell.js
- Size
  
  4KB
- MD5
  
  4d141a6395854dd8e40683514af9aac0
- SHA1
  
  cc71c861ca5106b71e649585d2c8733397a6c4ee
- SHA256
  
  f438b49a1a8e1ad9620dc5010fd0df3d2221e03eb2c873d35a1dc1fa97d87d50
- SHA512
  
  0de5e55003b064c3db0e9d753e81438f0394fd7e4df23f4c4a799bcef02eb09efa91e0ed2b5d1be8c6a6fadbb2f443b1395543978c6b8435e776082d5ef2d181
- SSDEEP
  
  96:KD8UfqOG6Q8j9YOCaLharzcqOZ9baKES4Zm8/j5:k8UfqOG6ZjKO7LharzcNZpUfJj5
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  $TEMP/UserControlTestContainer.exe
- Size
  
  19KB
- MD5
  
  bd46e0d70c52df86a2fc76077371604d
- SHA1
  
  a74e6b9995965131f416c4679ca1a7324d6000df
- SHA256
  
  946e9250b1820717b660517f3cde46eaa0ca7e408b916a2684f9965b4f9abdea
- SHA512
  
  7247ce33bb6909b69315723862ed9140e661d753360719c53cc3e517190d7e2bd3bba33e1e5601f328d32c82d20cd196d154effa3d685e8864f2622ba3d97a6c
- SSDEEP
  
  384:B9Jud3SjOlcjBbtKi8aEhfakZodDDcQjlT7cLIUXR8a3nyEfuRMWAN7W:B9bcwlT7gBNR6Q
Score

1^/10
behavioral11 behavioral12
- Target
  
  $TEMP/ancon.exe
- Size
  
  33KB
- MD5
  
  a5386e43312efcd34688755bdef14b92
- SHA1
  
  29b0e9d83ae84b870f85826c986d60443adb3982
- SHA256
  
  74efecb40ecb35dfa1af6c49574e4b856583ec4a37c39e8a95098434520e2879
- SHA512
  
  e242d1c70b0f694b3fd0759f72e4d5b3d30d944b0ebc0796460b0662ff47a10cf32699ccd83b9463fdfa270e8ee260c2eec9daef87159c3bda938452901b4c18
- SSDEEP
  
  768:JyMQ2e3MqssphRmEucIUEDUAn3mlh8wrT:1QJ8EHut1K8wv
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Accesses Microsoft Outlook profiles
  collection
behavioral13 behavioral14
- Target
  
  $TEMP/conmanui.dll
- Size
  
  7KB
- MD5
  
  f5d725834297666af1e1f47086f7cd20
- SHA1
  
  38730799b170f8d424cc544dae0a9f12d68779c7
- SHA256
  
  4c07b4576cce1089717bcfefdca7cfd9bb73b73319443479920da5e97533b8dc
- SHA512
  
  b9dbe3a96d56136802e9b648793c8ca169b52454635703204962319896c5537c73ef1027caf7db39f309aaf612815376057e64e38c970595c4f3a7ba851d0d31
- SSDEEP
  
  96:zNEWPUPXTWPVtp+prAyGJ7yuFsY1HBMoGoLkpDt:iW8XTWNtpN1JW4Rl9L
Score

1^/10
behavioral15 behavioral16
- Target
  
  $TEMP/makecert.exe
- Size
  
  39KB
- MD5
  
  ed1c00557cde869caa963bbf9c820f05
- SHA1
  
  53bbd8b86fcbee9316e02af399634522b12539b0
- SHA256
  
  4d50ce341be70511e9a871dd347b3f5793ea97787cdfc92045c0bcc8aae6e298
- SHA512
  
  509afc51b647a6904a3a4abf04b43dfaee5fa0878c3a822fce84dd58ce2ab1c15a38610487c520ca6f7c42ed37d754df55a82b0a81a28d31493f2535d9568405
- SSDEEP
  
  768:fqKIjHhW0CfW0FKT7vZKP1xG69D1/gEehcaLnTJ/2acSd:3RnfW0eoPPXpCnTJ/2acSd
Score

1^/10
behavioral17 behavioral18
- Target
  
  $TEMP/ubi-console-setup.cpython-36.pyc
- Size
  
  21KB
- MD5
  
  598ca3a5509a1362bb29a4af0577b964
- SHA1
  
  6f73a6575550dbb85d7e15e3528cb1919690431f
- SHA256
  
  08b9dc7de2a3c8864079570f1aa766737e8c410c7f60cee6157d127189391cce
- SHA512
  
  5aeece830ec39512144f265fc91bdb1f83efc9a565f3d21921b74e1543137adf6fac060ce19ba722fddbc5a009a7cc1380bded701202e3890734d14686f608d3
- SSDEEP
  
  384:PS4WSi3bMeIvKgBJ8ZDMK4icWPetLJchVU8qiQOPxquoCXSXrj2+Km:PeS6YezJA9icWPqchVUyXS7Xl
Score

3^/10
behavioral19 behavioral20
- Target
  
  $TEMP/vcbuild.dll
- Size
  
  11KB
- MD5
  
  1b84d7e16763d4686874c20e07437bec
- SHA1
  
  9d3088e977c5b6a322bdeb538487a73887fbcc0e
- SHA256
  
  a020d37724b738aab3c295917b6a23f8de45449177615a88e7c93627de424280
- SHA512
  
  4f9715ed1d8473c884965688dc9e4c06d53143240909c096ef340ed3e4ddf157331b0417fcb334a5c8b2b7c25b609f21262d8f3863567e3cbb4e05a3396f4821
- SSDEEP
  
  192:IIeYBmMNCZ2LjRj23/pv6u5TN3XSGMKS6vrkrbAVuWDxpBSWNLft5AgI/:LNBma2GjR23/IuToKS68nWD0WlftpW
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

agentteslacollectionkeyloggerspywarestealertrojan

behavioral14

agentteslakeyloggerspywarestealertrojan

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22