agenttesla | a84118a7fcb8218d0557da7783a964b69b425076bc5feb7d386174d332cc5258 | Triage

Sharing

General

Target

Pollos.zip
Size

5.8MB
Sample

240801-zjfabswdnl
MD5

05972d8b5764c1492f2989112dbd56af
SHA1

3fae289744ea68874d9b52f33f2311a1e068f4e0
SHA256

a84118a7fcb8218d0557da7783a964b69b425076bc5feb7d386174d332cc5258
SHA512

f7eca630ab5c5767bb444b9b5e5f4f19e1f83e4c337360e7525c85c663933da00327fe878da17ee6498dc7a0ec80d04c1ab73d4033f607a62cb24ddc1e98379a
SSDEEP

98304:i45TWVFCIv5/Gpt0n5ovLADyB7CYzcT3AXn0fXMCf8zPw4G2Z1fv42Wg4sQ2Cwjj:iGWHxE0q8DyB7ZcTAX0/MG8zPw4l1mur

Score

10^/10

agenttesla discovery execution

Malware Config

Targets

- Target
  
  Pollos/CeleryIn.bin
- Size
  
  44KB
- MD5
  
  5216142196b083af82cb46de13d54d0d
- SHA1
  
  e324803daaa1d7f4af0ba59859bab15edbb2fcf1
- SHA256
  
  349cefc77e004237535143f1123f08d21cdbc15169fb7bbc234dabdac738c2f1
- SHA512
  
  21977d1a65583979759e3dc17cfd42083c50d0d933940812a6963620e0aab3f890ff0b7b146be14c49cc70a37864404896aba23b7f04fa19c6bbc83e43e8fa51
- SSDEEP
  
  384:nVdzew6q0MEe7Tc8cZO1D9WDPAK7cRjoTYVJa5LoVMmA2QdwB5bh1r:VYiXFcZkRc3JTYVJaoNA2jj
Score

1^/10
behavioral1 behavioral2
- Target
  
  Pollos/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c97f23b52087cfa97985f784ea83498f
- SHA1
  
  d364618bec9cd6f8f5d4c24d3cc0f4c1a8e06b89
- SHA256
  
  e658e8a5616245dbe655e194b59f1bb704aaeafbd0925d6eebbe70555a638cdd
- SHA512
  
  ecfa83596f99afde9758d1142ff8b510a090cba6f42ba6fda8ca5e0520b658943ad85829a07bf17411e26e58432b74f05356f7eaeb3949a8834faa5de1a4f512
- SSDEEP
  
  49152:cvrqKk8q2gqi2OXCt6kuSw9g8PTNTN/23uxjPHEiCAjFcm:cvrqZr
Score

1^/10
behavioral3 behavioral4
- Target
  
  Pollos/ICSharpCode.SharpZipLib.dll
- Size
  
  248KB
- MD5
  
  9e9e0a210297968aaf2e00d13958c0b4
- SHA1
  
  a32d2dbeac852718f285e26e3d9436a97879e55c
- SHA256
  
  cb9c05b5a1e1db26ff43490ee26f2e02abae3f321d2dd5ddd43a68da48eab83d
- SHA512
  
  d90deec822f12c55a77e1defba102c3ef803bb463afb43123dbd2fee24d876bb670d71db74cdf799eafcffd74c8afa19de36c3c2f2fbd2fc588e28580f344a53
- SSDEEP
  
  6144:1XvJj49GIq1a+L0g9FWz1SSA2ltaccym865I:v49GI2a+1FWZH+cw
Score

1^/10
behavioral5 behavioral6
- Target
  
  Pollos/Inject.exe
- Size
  
  4.8MB
- MD5
  
  d0d3ee3e3310852064d0417f461a854c
- SHA1
  
  d1df210e830ba630d87dc00e8c16ceb16f7ce950
- SHA256
  
  e13d707559463de6dfda00dfbae4eec1c42441f8f63a0dabb134dfc7ce8da85c
- SHA512
  
  06a8db83892c1c2bf7b2575e5a6849b8a912a5a5cabd9baee8fa6073d699e7550a2fcf7284e6ca172f0ac10f4cfd512dfb98e6d1f9079e20569b78fd04c8d166
- SSDEEP
  
  49152:3SqNT7OeXgwZJLuHz1XmNnDDGjyAlqp53PeksTdnHdnndn+dntttk:nFPuT2K
Score

1^/10
behavioral7 behavioral8
- Target
  
  Pollos/Monaco/Monaco.html
- Size
  
  6KB
- MD5
  
  c92f106a09dafccb4573d199897fa642
- SHA1
  
  f8cf6a2ff2cffdc2f3a84277705b9eb1a8d1dfdd
- SHA256
  
  40cdabb8e90643505e73fc6c5771928c1fc45e8b4afb0d7e94742b41b209ae0a
- SHA512
  
  74cc96543ed2417e7351f343ba091b44d42e3b151d524a88f929cffb68d54393c0a70b424046a3c814241ba1bb0fa3383b954720332db0db5e92817e8c64de2b
- SSDEEP
  
  192:wEod3PorvXhP0Qp5keghKcCI2MCTJ3+NLSaPh/WCY/jt:ud3Podcw5keghHwjt
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Pollos/Monaco/vs/base/worker/workerMain.js
- Size
  
  149KB
- MD5
  
  27ead90c7702154755785e0e53398755
- SHA1
  
  86b59485fe6f6ccb1805183fa75062a2ac1c859e
- SHA256
  
  bdf9433692a08851e13dd58504eef19f51bd2ec7241923a68edf5772e0e53af5
- SHA512
  
  6829681575179c90bb7817b17feee60e7d44d8abb15264ab39d7f0edf95dd1d030b99c12b005c753cd786c26ce6f17ff09b058c16f3363596f785e386ef78e82
- SSDEEP
  
  1536:XNSxrkwnz+dTHHfvYYdBwDZ2Ogvh52xgh2hQXIvTBaB7hU74Yc6aphU1PblosJEl:XzdTagJkb+6jFlJJEt9yjjTCD2zw
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  Pollos/Monaco/vs/basic-languages/bat/bat.js
- Size
  
  2KB
- MD5
  
  4cb475399c4490eea41982dcd6d9653e
- SHA1
  
  fc97d57206ff7fa1c89ff0fc9f6e2f04a20ea185
- SHA256
  
  9bca42394fe8922fec24b768eeb8ce04692de6fad82f9052d5b7e70f5c6b0f40
- SHA512
  
  27eefe83cf38a7d784414d99b472f6fcd7e595691eb0f368254ba1f71aaf702840b62bf232c30c515a8fada234699fefeef496c0c24669cc158cb567227e4783
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  Pollos/Monaco/vs/basic-languages/coffee/coffee.js
- Size
  
  3KB
- MD5
  
  9d0c4ac1691eed0a480c3e9246490d29
- SHA1
  
  38258864fd070c35cec6b68715d58771df9fe3e1
- SHA256
  
  e706c9f8e5c5a0cb01b2f4e4879ec34a050d6eb2a8840284eb7badd9d78099f9
- SHA512
  
  437a703607a9f0cb96ffb56312d149b95f596290591d14098c36d978b2e1fdba3c3712c9099923bc0a709c5c0ebd7eea868f63dfbcc69cdf5a9325b8a67006b6
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  Pollos/Monaco/vs/basic-languages/cpp/cpp.js
- Size
  
  5KB
- MD5
  
  0a16509e6cd0155fb622e785cfe976c7
- SHA1
  
  7afa7f823191c43d7a4bdd7d91577495de62c21a
- SHA256
  
  a7c2bea7ca3d9e203a3a286735945fe010c8f4f8d46620386ee8befc6a78b32b
- SHA512
  
  2cbc48cb10c467561c6a84f59405e9c2f864640b3a21e6fe5cd14ad1a7ca5667b766b3c0511df26f28205dd17338a878bd1164a4f5875235a73214f3e4aeb49d
- SSDEEP
  
  96:hFDMgRs/rbV1+gqVV1+/LVb9ZRC2seM6jjz13MwVcEghhb6Yw76wGcmvRBNIs:hZGrTOcVv5M61h8hSeiYL
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  Pollos/Monaco/vs/basic-languages/csharp/csharp.js
- Size
  
  4KB
- MD5
  
  f8f841d13c9220e15dcd6bc386b37ba2
- SHA1
  
  2b8b7003820d19ed83afde98c845db5e3d5753f8
- SHA256
  
  6b3be9a86ee8e3202f51745d94d24cc1eefbcf7d9e6d94fbaf70146b084e835f
- SHA512
  
  0b167865b8d7847792c80144e83bdf33655db6ecc0934bb3290f8b5793fee8168aeaf9d74b3541a9424c4f180aad496c2d8710e3847a5bf9d4b2c960ddea4ae5
- SSDEEP
  
  96:hFDMgRsVx+rbV1+gqGV1+hmQuq1cBh8b7gj8/pLxb6J994wGcKU7dYIkI:hZi+rTtPsRXpw9SiKUJGI
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  Pollos/Monaco/vs/basic-languages/csp/csp.js
- Size
  
  1KB
- MD5
  
  22ada25d590811dcff4e5f5d698e583b
- SHA1
  
  c43d4846967d5037ef05b102e49d1fbc54e45fbc
- SHA256
  
  4b5a5d7d50986b86b00833447e097c0f01a4388ce1765b48e7e371d06e3a4789
- SHA512
  
  c8373ea0b78114f82e8bf027473f72ada0d8acd51623152a0072111d8b3b7d5ac310a1cc510c4e4cd2e97a7686db3c87b2da675fc910898bd11108e4b50ed189
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  Pollos/Monaco/vs/basic-languages/css/css.js
- Size
  
  4KB
- MD5
  
  49ad30f1151cfd7a74677fdc6dd13da9
- SHA1
  
  286d47f0a4cfa26da2e4d1f1317a8c87000bb5fc
- SHA256
  
  bd331fd3bd2c37b0c3150035325f163ac9266bf6d942310764815e676d856d91
- SHA512
  
  7337706bfd5bd54938da0fba35e97f8e5780491c04b58d43fc6d905bd2dca92897f1ed8d48e42665f166da7684cc6e29a63ae73f8d3779a9feb97c397a642f0d
- SSDEEP
  
  96:hFDMgRsozIq+q17qcq6V1+/aMj1cqTroIrqjKf8O3lzXY0Jc:hZzzv9VmjoOf8O39XbJc
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  Pollos/Monaco/vs/basic-languages/dockerfile/dockerfile.js
- Size
  
  2KB
- MD5
  
  e32de981bdaf75e6ffb8fe40bc955a68
- SHA1
  
  bef1af7b26ea01c987c7a6295bb7192d83a32068
- SHA256
  
  65b86fc54e9b35d6cb84f01dfb905680dbcad6605757de1d6bca84e3029889af
- SHA512
  
  a3eadd8c1389dff6c2c6e595efff69be3a573d01e4e16b8e4a8b28f63e4c48c9c439b5dd93666d81d703d1c6b5bf927cc8e47d04af270128095f0d579407c2f4
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  Pollos/Monaco/vs/basic-languages/fsharp/fsharp.js
- Size
  
  3KB
- MD5
  
  de122b3bc44a8714f386dc80282dcb12
- SHA1
  
  06888a9b616993e9af9797cec64c6d419065f2cb
- SHA256
  
  1390079babc117d3f376735780d98f409f317eb4628d17106642c6933ea1da7f
- SHA512
  
  ab48f2e5bfa6ea0024530141bb5d35b9090ee0254a3e8f8b86fa36cc8c2fca8000a3caafcfffc1d83e21c488e1f1990c91f537290b54fbbca1d3c7be090dfba5
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  Pollos/Monaco/vs/basic-languages/go/go.js
- Size
  
  2KB
- MD5
  
  5b4484c914cd97aff4510b803f2517ef
- SHA1
  
  8f275ac36c57c4c464e30f92f525ffbd0fd436c6
- SHA256
  
  46d1757c3cd3dbc3c7b465a338880144922a1c34c30e36f06ff2db8c2ff75b86
- SHA512
  
  b34c64f9997f4b72760eca270d2a0c2e22d83467d3f0bc82e7c0e63d62d8f9d74a144a28d676a223cdefef417af723801ac0535375d0dd64bb3a81e87617fed0
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Pollos/Monaco/vs/basic-languages/handlebars/handlebars.js
- Size
  
  6KB
- MD5
  
  3ca7cf83292b56444548f2914c0e1811
- SHA1
  
  4be5b1adaa187d82a94967e6960d811acd700b93
- SHA256
  
  31d25588d120e7c79f3332ff3b3c794cebd0554c7578e3bb37b3cac366e4f6c2
- SHA512
  
  2d337b64def0d42f8bd6476cf31e806f67f77d26c95c68e75574fc310f7974852a810f8b197238559a2cb20d07914de5844481477321cdcb2c68c47da9088eb8
- SSDEEP
  
  96:hFDMgRspITV1+/I/+B1BerJzlWK2BZwIBTIwbcdg6EHpf4Og6E8S6g6EB+FpAjE3:hZhbYbQRld2BZ1O0p4OE60+dMZLDs
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32