agenttesla | 43fc4d67b0150124d5da346a700b4cfc92a91c141653d9d3cb4beddb91642aca | Triage

Sharing

General

Target

Asuna+Lite.zip
Size

1.5MB
Sample

240727-hln7kssfln
MD5

7e08bf437ca03b5685c4649dec1ae55c
SHA1

d1a09a70897b729c039e01db55c2d5ccca279684
SHA256

43fc4d67b0150124d5da346a700b4cfc92a91c141653d9d3cb4beddb91642aca
SHA512

e0cf7488b8ef00383d6f4d9125bb82ac0b24395f28de8f6f454f70475bbd96d97e6387bed6c81f9b76ac4f663306061212964a49b6cd7c06dd8c9aa9fc25fde5
SSDEEP

24576:AlECVRcWzIIgUGqCynztUmywH3MbRH1YlGZdok6b1NrL/zNbTwUOaG0TO8:AX7cWzZgUuehUjU8tHgwdo3L7Nfq8

Score

10^/10

agenttesla discovery execution keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  Asuna+Lite.zip
- Size
  
  1.5MB
- MD5
  
  7e08bf437ca03b5685c4649dec1ae55c
- SHA1
  
  d1a09a70897b729c039e01db55c2d5ccca279684
- SHA256
  
  43fc4d67b0150124d5da346a700b4cfc92a91c141653d9d3cb4beddb91642aca
- SHA512
  
  e0cf7488b8ef00383d6f4d9125bb82ac0b24395f28de8f6f454f70475bbd96d97e6387bed6c81f9b76ac4f663306061212964a49b6cd7c06dd8c9aa9fc25fde5
- SSDEEP
  
  24576:AlECVRcWzIIgUGqCynztUmywH3MbRH1YlGZdok6b1NrL/zNbTwUOaG0TO8:AX7cWzZgUuehUjU8tHgwdo3L7Nfq8
Score

1^/10
behavioral1 behavioral2
- Target
  
  Asuna Lite/Asuna.deps.json
- Size
  
  1KB
- MD5
  
  002373b12dbfd5d6141ab74065e4b8ee
- SHA1
  
  c2ed967b0588a30957c5ea891071f45ac4ed3dbc
- SHA256
  
  8bea64e412256cffda9ad3d27b5966b1211967dcb722268de1be2b64172c7ae2
- SHA512
  
  347c9f957fffa7e77cc934e248f02310fbb5f425c34e19ab6c714f6d0f2fcbbea03e335c3cb4277a9b69ecdcff13eee286ba8b874b0a4b433ca3f8bac3515746
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Asuna Lite/Asuna.dll
- Size
  
  636KB
- MD5
  
  d908d86fc1c698e68a8d048f8c4ec80e
- SHA1
  
  e63592ebe54bc04ae7409623bbb385dbe4a85fb5
- SHA256
  
  cab614003e66def1ccb21ad41d66172c1da900b7e10b0d15816f1d51861f13cd
- SHA512
  
  f58974014e4ea9b044b9bd653bca3330ae5f77209c93f84797b7f8919a2cfe739368acf4067e3b6c72198676311b75dd32be0d878ea48f10885141b5c208022e
- SSDEEP
  
  12288:ESgAPdZrsAMDxz4yhbRrRpIReNzIIvyYp8DKbIoSV9SZynnloO:H4A84y/Rw2zII9so29znnt
Score

1^/10
behavioral5 behavioral6
- Target
  
  Asuna Lite/Asuna.exe
- Size
  
  363KB
- MD5
  
  14eded1661b6adcfa19d9cd43b7a8148
- SHA1
  
  ee970fac39ed665195fc89fba0114c2dfb663c11
- SHA256
  
  6e9c819d4327b2319a9a336acc4f5b7c53e0b284ea66d28534a485a8d038dc94
- SHA512
  
  8c6d356e9ecacc7c5b9d2e79b80a5924f0cd790132734af52f2d4a1da3dffaac1a924c4b19fb7b1bfe7618828b4f24f912431c9c74baf15281daf44271febb74
- SSDEEP
  
  6144:xAi4pxpRkyHRZa0Gl278IVNcIcW+EbIo98QG9SZyMMyzmBlpkvOD:x4RlGI78IVlbIoSV9SZynnloO
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8
- Target
  
  Asuna Lite/Asuna.runtimeconfig.json
- Size
  
  340B
- MD5
  
  253333997e82f7d44ea8072dfae6db39
- SHA1
  
  03b9744e89327431a619505a7c72fd497783d884
- SHA256
  
  28329cf08f6505e73806b17558b187c02f0c1c516fe47ebfb7a013d082aaa306
- SHA512
  
  56d99039e0fb6305588e9f87361e7e0d5051507bf321ba36619c4d29741f35c27c62f025a52523c9e1c7287aabf1533444330a8cdf840fa5af0fa2241fcb4fc2
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Asuna Lite/SharpCompress.dll
- Size
  
  580KB
- MD5
  
  30b5c4d9a654dd291b7ea435211f60c5
- SHA1
  
  374071d9c244eccd998eeb8aa4eb5969043f8a3d
- SHA256
  
  0a5a8c3607938a65873251693cd752b05f6f34370ad2fe82f1210e4d925b1675
- SHA512
  
  8952cc715e79a36948584084a51fe3d297d03c4d801daeb2af10fc1cdae67fd07401315fac7da591394a1448f7d5d847e424d89c20bdd4d7cc2ec7c31bcff73a
- SSDEEP
  
  6144:hSojDxWjfP9lU3AS2agAuStn7+ixIaJPXbEm4XjgRx8c9Xrfkfam5swjCu1MDvM:hSos7w3DpgAYVaJA8R+k9YsOlU
Score

1^/10
behavioral11 behavioral12
- Target
  
  Asuna Lite/ZstdSharp.dll
- Size
  
  401KB
- MD5
  
  09f6ded9375793bfd5a931faf164762a
- SHA1
  
  413a1538da849ff4f5037582c4828b6bd444544c
- SHA256
  
  abb3a24a17a41e5a7b7f6a7784e55ffad17ba1ccc5f18f3369ead1f126c4e120
- SHA512
  
  2d80e2ff6ff70f6e49d29d5f422f09148002e0a084c9248d3e3a628b9180792442c9f85c9a8fb7c996f520a1a653bd4710d8b0ab09a6c0816e0c6401892547c7
- SSDEEP
  
  6144:VTwjPLjGfYUfNYbwnTIDifsJIoTgIxLDqMP545CCEnipnV:VTo3YYgpnTtUJm5CC
Score

1^/10
behavioral13 behavioral14
- Target
  
  Asuna Lite/bin/API.dll
- Size
  
  1.3MB
- MD5
  
  157fd035b2a344a94166d7db3756df0e
- SHA1
  
  f221d28c1deb80b4e8d9201226435aefce6b0f75
- SHA256
  
  8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009
- SHA512
  
  fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d
- SSDEEP
  
  24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16