agenttesla | 1d8c80f52a16666330f204788cc9eb42d0439a4ff81ae39ffdf3ad3103751366 | Triage

Sharing

General

Target

Protect.rar
Size

2.9MB
Sample

240524-szj5wsba73
MD5

3b2cbe7b708cc29f9bd6131bb5f713f7
SHA1

748d27ad13d0216f924735317be579ff7adcaa20
SHA256

1d8c80f52a16666330f204788cc9eb42d0439a4ff81ae39ffdf3ad3103751366
SHA512

3565f70813adbfb06226a26ecd66fb068c03b7a17565bafa5ef507ca49a839d6cff053a682ce27eab25b9a817e5b794bd25dac2b31172b7e8708679eec1f2303
SSDEEP

49152:I5Bdkfblp10z/MDhhEEJrneobhInah3edweoDfkOJxm/zDrTUwjzNpOBOzm0:I5BslPKMDhhrVnNS0ew5Ds3zDUwPjOM3

Score

10^/10

agenttesla evasion keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  Protect.rar
- Size
  
  2.9MB
- MD5
  
  3b2cbe7b708cc29f9bd6131bb5f713f7
- SHA1
  
  748d27ad13d0216f924735317be579ff7adcaa20
- SHA256
  
  1d8c80f52a16666330f204788cc9eb42d0439a4ff81ae39ffdf3ad3103751366
- SHA512
  
  3565f70813adbfb06226a26ecd66fb068c03b7a17565bafa5ef507ca49a839d6cff053a682ce27eab25b9a817e5b794bd25dac2b31172b7e8708679eec1f2303
- SSDEEP
  
  49152:I5Bdkfblp10z/MDhhEEJrneobhInah3edweoDfkOJxm/zDrTUwjzNpOBOzm0:I5BslPKMDhhrVnNS0ew5Ds3zDUwPjOM3
Score

3^/10
behavioral1 behavioral2
- Target
  
  Protect/CodeEncryption.dll
- Size
  
  6KB
- MD5
  
  1b00d472d9eb115ae1596e8cc531bde8
- SHA1
  
  102273fea413961e9b9d95ec738530829050ee2b
- SHA256
  
  39713a232bb83cf4a1484e81122e721853c1d8e0c6afbf8933b632763edaef09
- SHA512
  
  ea1d15327c6e52a40b321b30bb4b4f760e58713d73a670c9462ebd5c8da2411fb0d6016687fb969d05051227f7972cc3d3c0196c142729598843d394b5d96eb5
- SSDEEP
  
  96:C1x3zZJmALlpSPt9Slu+7k02jPZLYJ+YmPTkhKWOu78zE/:iRm0bRkDjJIhKWj78Q/
Score

1^/10
behavioral3 behavioral4
- Target
  
  Protect/Core.dll
- Size
  
  314KB
- MD5
  
  fe11aaa70f1e043c753c7306653e1cec
- SHA1
  
  54bce571e79d34f7c5affcad16854a4ecf5730a2
- SHA256
  
  ae9ec9fa90a899125772e208f08f1f3b10db87626ee8e83e46d64ab2e4c672c0
- SHA512
  
  5f1325912ae8b0a8adefaef12ee65270c003fd82f56187240bb455b9e69d9ff1e022272d14284642d07cd54717dbfb24ec147e49ab132ff6ceacba8be9b1884d
- SSDEEP
  
  6144:1BfrFM68H+zqPnWZPmC9UV/WkKu+3DuYVqVXP+JtLMJs:1BfyyqPn+UVWkKLDjoVXP+r
Score

1^/10
behavioral5 behavioral6
- Target
  
  Protect/Core.dll.config
- Size
  
  420B
- MD5
  
  e3d2741928e80b1c896e9cd0c89eb905
- SHA1
  
  2e47a6ab3ec84d7b7ccfa52f4da45df456e421fe
- SHA256
  
  4cfa2763c40c898330415a35407ec494bd139422f9b01bd0045ba787d149e40a
- SHA512
  
  1a442ad424d5e258414ab4b8e4e223d54f356f786ae12e4ccdbe4acdade72bb4f33a6e26bb2e77584ab4dbc71e0c116865f33f99f676b43d9ea1247c30685924
Score

3^/10
behavioral7 behavioral8
- Target
  
  Protect/Custom.txt
- Size
  
  6B
- MD5
  
  77d4f35d1d9a17a5503b51b5a150e897
- SHA1
  
  85fe58af866686ca2932c6fcb2808beb00e0f1d5
- SHA256
  
  0507c9fc0c92e98858ad4b93e4e8f2e131f7ee8e705673c78a0701b962463a9c
- SHA512
  
  80dbd56996fc9103397d8b3dfabdf436eac29ba242e2c65b16ef0d7ddf3cdee51785893c5042dac8f6719b347d9863c7a0560d25380f043ae2563c86c55f8df4
Score

1^/10
behavioral10 behavioral9
- Target
  
  Protect/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  278752062981db6fe27ba55f5099b8ae
- SHA1
  
  8446637986cf4a24e9135ee5c54f3170600e1e83
- SHA256
  
  538e6ca6001d609e251f88243409a2cbc9bc0517751843e76485a2c335e7829b
- SHA512
  
  142ff82ca90ca63a6a854e866615d742b585c102e8c4de5c773edeb1ac30c2cc2f6bcb190da394e4aadb4ef9518d194d99904463d6e952170d2924b16fcb00a5
- SSDEEP
  
  49152:PQNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckFjvkoEFB:PAhck1
Score

1^/10
behavioral11 behavioral12
- Target
  
  Protect/Hardening.dll
- Size
  
  30KB
- MD5
  
  e77b47a6fd55eaabd9f4ed5bc9290408
- SHA1
  
  f761f8521d6fafaeeca76f80bf6ea4b4b4ffd39a
- SHA256
  
  baf1502b89b002095c249c8660fc0cf432b5718f13c554b6628057d04c619b0b
- SHA512
  
  38833e914270c401c5aef7f0fc3981b0eebd3a8735ceac4ca489ff674efe8c15df4891f021c0652f38fa6faf69b65c031bc964006756b9fcb805dd4888b2b48e
- SSDEEP
  
  384:H5/uQkzHPTbPnvPcFWWgrVVBfl3zDRDzAHby+WXk/5X/oNqJ6SvDJKHUCTjpIFFW:Z/IYFWWcdFzRUbPBXA4R0jeBsSCkOv
Score

1^/10
behavioral13 behavioral14
- Target
  
  Protect/Hardening.dll.config
- Size
  
  693B
- MD5
  
  7cffc162b332913310f09a9c3691f42b
- SHA1
  
  1dd4c4ade0e15ed4e64ca978a988f44718cc2eec
- SHA256
  
  04a8623c12ab0ed3704d8bf59adf492e7eef4e1848a3cbf76ea33ef866e1bc37
- SHA512
  
  6d1721f771f6374f2e9ed820a53f1904e8c79bfa4c817bab1f6626fc1995d17c114cc891a0d18bf13dce03386373e98544230d8b36bfdf9fbea53d0c6d567f8f
Score

3^/10
behavioral15 behavioral16
- Target
  
  Protect/Runtime.dll
- Size
  
  24KB
- MD5
  
  b3961dc1d59bea84865aef7334e4624e
- SHA1
  
  82cbb364f6061c34fb922b7dee9194146a249e83
- SHA256
  
  fbed8fa972010fe09bae30f92b6fb1b872a4291da8e6a71b82d7e968467e2212
- SHA512
  
  8b0b96008fba174c34f4dea99017cb17f25ecd1ad16a91c8c8074b7e151270f976761854adb5c5dbf480133763043e0134d9fbe8d76cce7f60b3e83351023215
- SSDEEP
  
  384:7POagYLG/eB5OezkmTRGVVVVG93UnUWn/Tk991DhuRxgDVwwBEH:DOK77k8h93rT91YRxKwpH
Score

1^/10
behavioral17 behavioral18
- Target
  
  Protect/SECURE BYTE GUI.exe.config
- Size
  
  532B
- MD5
  
  9fca48d74c2f1f8ae46c270c7a9fb5dc
- SHA1
  
  91b4d72dba8e0e1ee533c56b6962b5a9acdc02cc
- SHA256
  
  9c57e0aa56a2e086a674c39080765b349c7ffbccd8ec77c4e30c8cc8e3588260
- SHA512
  
  5d09fec5ad0e64b1e95ba61c666eea4ab05f062fef2922ffb48764a71d584f7aa19a9ccec9b1f4901315f18930022545270cd214fd4330e74396d4ea3ce931e8
Score

3^/10
behavioral19 behavioral20
- Target
  
  Protect/Saved.txt
- Size
  
  565B
- MD5
  
  701d7e12a9c8c5b6b6a9da85374f3374
- SHA1
  
  8e2b7375e9c94075092928bc9d31d19190348271
- SHA256
  
  24db43e0c9a5169f1cf19beefbf5c39da0cb641f3a985e03d03f2fdcc1b93892
- SHA512
  
  e0d8cbdc77dc61a637dc9d59e9f7532578f9751af709bc3c3f8eae4dea297159cf49d51430a1bab460e9aaa49906c94bcf67464252964cc65870b981f9aefcd1
Score

1^/10
behavioral21 behavioral22
- Target
  
  Protect/VMUtils.dll
- Size
  
  4KB
- MD5
  
  673d2f5daa3363a3b5f6c4db2ff2c693
- SHA1
  
  e47cc6f683af6434c168c41f6da2d93cd74035c9
- SHA256
  
  1d51cd7d1e42ade90d836da74eb1f172e49d6e9cc8b16855fbbdd0d1ff8aa8c8
- SHA512
  
  96c7d17485db28df771350dd5fbaba8be062a3eb4b50b936ac21030fc8cbf223612b4558dc2c0608f11532bef0bdaca4afa691729eace90b0c27bd6eaa73bd6e
Score

1^/10
behavioral23 behavioral24
- Target
  
  Protect/Webhook.txt
- Size
  
  124B
- MD5
  
  b58e50429077fe682b07c7b3e64bb3fd
- SHA1
  
  cc762ec39281c7a7c4f865ad013c874f70934c1d
- SHA256
  
  93c539de495b393440bb1f3f36cf1f843872a99694292997fe1a57f7c1e4ece0
- SHA512
  
  7206dc0986f6d4d452345561183208f9a3913895c8178f8abb23128747fa4a284e94a1eecd313764ccbfb4df41c72681471f269c1b361cdf5f4fe8c4671dfe09
Score

1^/10
behavioral25 behavioral26
- Target
  
  Protect/bimno1-JIT.exe
- Size
  
  3.5MB
- MD5
  
  9fcdeaa7788f4594d0f99939aa68e889
- SHA1
  
  c463364816644fb51c54f863e4385dd9780783a7
- SHA256
  
  5a2d9d0d5355cc4e7190fcc65456a2463e9f70ea80401e94cf167dd313751c08
- SHA512
  
  a5c10f86ee9c132c3379952673706f21b121cb8877ef0a4c50bee8adf1eec4762bd1de7f9231974e985118b5c94cb6106758ecd27b4dd94a7d13118b47631e65
- SSDEEP
  
  49152:ChnD+vBJKn2KGPwWMF3jr4Bou1JM7XNUPP:ChnKZBwWMFzr4BlJM7XN
Score

10^/10

agenttesla evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral27 behavioral28
- Target
  
  Protect/dnlib.dll
- Size
  
  1.1MB
- MD5
  
  3d913aab7b1c514502c6a232e37d470e
- SHA1
  
  28ac2d1519ec5ea58b81fe40777645acc043b349
- SHA256
  
  bdb84aa16678189510def7c589851f6ea15e60ff977ea4c7c8c156504e6ac0ff
- SHA512
  
  311e8f73c52dd65cbaf9f6e008b3231090ea99edf3471bac63cca4156a37a0d874ac590b19c01b15e05345bb6a5b636a11698bbd4e88c59c138dd3f358800027
- SSDEEP
  
  24576:2gW20arTgWkk7z2B3Kqwf11Ot9Awr89Iv7f+NGGL:XC3o4swrY
Score

1^/10
behavioral29 behavioral30
- Target
  
  Protect/dnlib.xml
- Size
  
  1.8MB
- MD5
  
  4f66f6d14a67bbd0f70012557d88d17b
- SHA1
  
  d378a9d3fefa6b152c571471c0f137f10fff3151
- SHA256
  
  f453807c0866bdb424541c9297a4c55107143c0103cb84f23d070044f62b7273
- SHA512
  
  4ee56fd74dbbcaf4ba0ba41a10c4c88bde0d12b2a01afab71017acc1b604658ed9f64b03a0a0876d295c3591ff000f0fd75cdf622612027bd8860d811e6e7b34
- SSDEEP
  
  6144:VTA+Hp1CIPAqPFgrOLkOXhR+y+cNUaOtCW5n:dp1CIPAqPFgrO7XhR+y+cNUaOtCW5n
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Virtualization/Sandbox Evasion

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

agentteslaevasionkeyloggerspywarestealertrojan

behavioral28

agentteslaevasionkeyloggerspywarestealertrojan

behavioral29

behavioral30

behavioral31

behavioral32