agenttesla | 157567f9e18be2173d07ca32195e2d583f22978570c4c5ec5d1dbcbc8c9c3d03 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

VISUAL_FREE.rar
Size

24.2MB
Sample

240608-zy2f4sha75
MD5

58a46106a948aa876a6c2ddcda519582
SHA1

8ff7389dbf465431c706e0ac558aa937668c277b
SHA256

157567f9e18be2173d07ca32195e2d583f22978570c4c5ec5d1dbcbc8c9c3d03
SHA512

26d643d17caf7f850c9c9e4428cc7b717ced0e2a0a99a1c77956816b93be2c172c2e3cdb44de3208bc45b8eb02d7047aa541ac67fda88a691898d2cd5024708e
SSDEEP

786432:3ZamZpHiM5Qdrzy9TMH9X/x5pCBk9QTeVPqJ0wt/j:omDCTre9yXJ58dI006L

Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  VISUAL FREE/VISUAL FREE/INSTALL THESE FIRST!/INSTALL ME (REQUIRED).ttf
- Size
  
  151KB
- MD5
  
  6f1520d107205975713ba09df778f93f
- SHA1
  
  8a4ace9392d06bcb7f8ea2f5169b07e4c383a90d
- SHA256
  
  248c0244b350ec68880996aa6be6d7796274b49992d5fcbbefe251906aa4ea36
- SHA512
  
  5e40d2ebe39605ed0c2d8be022dd716e51b018e1bb0ae0101164e1e02bcf6b7cca5ec0da2ebcb533d959ae766af8863b27d62efbba1755e9e8d45e7bce51fa36
- SSDEEP
  
  3072:0FyHGX8bZ0eysTnqHvobJixBp0TKf3H5z8MkKURj7i8w+fW+uQ:0kHGsysUnQ3tX
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  VISUAL FREE/VISUAL FREE/INSTALL THESE FIRST!/INSTALL ME ASWELL! (REQUIRED).ttf
- Size
  
  203KB
- MD5
  
  627d0e537f4a06a535ae956e4a87837f
- SHA1
  
  0b3d2153576f8ec576af1c89e4793a3dcf0ebb0c
- SHA256
  
  e1bc0a0ff1fff1d1c69d2550998717cc8c780c4a8a5b334a41e36aff5d2f98ce
- SHA512
  
  dd534c5358746e07b71d3b3cc6f17886b4ad0c800e0ffa418da424efaf661bc1d97fe99f3cf8cd6ce5beef4cf1609c851b6d15d8784c3f4358be5f0781fd8f8e
- SSDEEP
  
  6144:Pfsyubil/CH+5OftuSpdikAUMqY9J8sYi7W52Oavz3BTvjK:1uCY5kSpbvsJ8sYi7W52Oavz3BTvu
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  VISUAL FREE/VISUAL FREE/INSTALL THESE FIRST!/INSTALL ME TO (REQUIRED).ttf
- Size
  
  147KB
- MD5
  
  14d00dab1f6802e787183ecab5cce85e
- SHA1
  
  645e04c53c6b5b35bce654a811ebce16af8aa721
- SHA256
  
  291e4388a436cf0c0d532ce4735a4ca36bd2286912b051ea423d5c383be06cd7
- SHA512
  
  283149857c0cb618f7f0fb16579d30a3fbb842d74a6defeb3373eb6e3df905a822a089635b58118651911e8930dfd39053e52693451590c128c7874ab0f7044c
- SSDEEP
  
  3072:9RftHRC8WOLzrxJzymvVGSpsFJauMUMsItEYxEj3:XDlGSpglItEYxI
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  VISUAL FREE/VISUAL FREE/INSTALL THESE FIRST!/RUN ME ALSO.exe
- Size
  
  288KB
- MD5
  
  2cbd6ad183914a0c554f0739069e77d7
- SHA1
  
  7bf35f2afca666078db35ca95130beb2e3782212
- SHA256
  
  2cf71d098c608c56e07f4655855a886c3102553f648df88458df616b26fd612f
- SHA512
  
  ff1af2d2a883865f2412dddcd68006d1907a719fe833319c833f897c93ee750bac494c0991170dc1cf726b3f0406707daa361d06568cd610eeb4ed1d9c0fbb10
- SSDEEP
  
  6144:kWK8fc2liXmrLxcdRDLiH1vVRGVOhMp421/7YQV:VcvgLARDI1KIOzO0
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  VISUAL FREE/VISUAL FREE/INSTALL THESE FIRST!/RUN ME FIRST.exe
- Size
  
  24.2MB
- MD5
  
  101b0b9f74cdc6cdbd2570bfe92e302c
- SHA1
  
  2e6bae42c2842b4f558bd68099479b929bb7d910
- SHA256
  
  4dfe83c91124cd542f4222fe2c396cabeac617bb6f59bdcbdf89fd6f0df0a32f
- SHA512
  
  ccf4fd7da2c3440f1bc7fcac67c8a12599eab8d5c015affdc2e439fa30f5c7868ef5f52ede058361faae37ccc4af2c17c0adf30b8e1f852bb7106d0ec7162506
- SSDEEP
  
  786432:urp+Ty2SfUfnbu+zMFy/7zYgWXRLTArzttOaaFC:Sp+Ty2SfWnPzMFO7zYgWBLbFC
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral10 behavioral9
- Target
  
  VISUAL FREE/VISUAL FREE/Visual Free.exe
- Size
  
  1.5MB
- MD5
  
  3a13abf4262c67c1b8cc4409f3c619ec
- SHA1
  
  154a2c04005d0835317a3b525a3ad40dad7dc772
- SHA256
  
  4c467b19727b3a922e915c27431f15a0d39a33a9e7ab411d311ed521979385dd
- SHA512
  
  9edeb7584978f3c49719eeac93bf00ffefd9764261163d2031f5623839c5543537f40cc44c70c2611b715ac2ab6723b74bb4f1fb256ec33faaec8e5f88799263
- SSDEEP
  
  24576:77o7X+gn2G9LJVJGnnA9FNQ3RGWZTCno8D+cM19s2XXCCLS/2ECRURusE6x:7Kr2aVJCAOGWZTkXMU2LaGRD
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

agentteslakeyloggerspywarestealertrojan

behavioral12

agentteslakeyloggerspywarestealertrojan