agenttesla | 7e8e1b0b4ce282e22661de58d25566dbb93667614e5feb10d462b7dfed2ef9db | Triage

Resubmissions

08-08-2024 12:34

240808-prr9ratclq 10

08-08-2024 12:23

240808-pks8gaxbld 10

08-08-2024 12:21

240808-pjlr1axbke 10

Sharing

General

Target

Cxdyz.rar
Size

49.4MB
Sample

240808-pjlr1axbke
MD5

088d234249d5d06d664147c5f6af7e6d
SHA1

e5063390e93e539cb4245d6e6134cf897c03f939
SHA256

7e8e1b0b4ce282e22661de58d25566dbb93667614e5feb10d462b7dfed2ef9db
SHA512

83050f0923904b108b75274d0dac2f649db539970b8a7900b4322036340412f5a0fde37eb580a006dc9b590c5427f758312ec442a396da31e772d5bb03042673
SSDEEP

1572864:VI75bzmoo4AEGAVtUBZqB5YBFJPiBjiMqR:VI753mNzAVt5B5CbPojw

Score

10^/10

agenttesla execution linux

Malware Config

Targets

- Target
  
  Cxdyz/Flexer.dll
- Size
  
  331KB
- MD5
  
  6a0e13b24da1aaaa245bca6bbd7ab8a5
- SHA1
  
  5b3e5151d93afaf3aa2c7c662646b7ddb21696e5
- SHA256
  
  4800934f54a511a3e446aabda11315369c045ef80b82bb7550e9822cb2f8d50d
- SHA512
  
  7bbbaf3b3e6c4a50d3b4813f143febe3c4d48b881a7947ce4307fb73997f81e5107fcce73ee0cbb59f49035b78ff0f7b350bb89325c8bcd9363b393bdf2d680d
- SSDEEP
  
  6144:UAAbpw+JSN6nGQ7BU0wrlEVhY4AAkGcBaA7WCwmuoNCYH7UFfowKW+H2Fz:TADJSN6r7BUVBEVhVAAkGcUA7WVV0CqF
Score

1^/10
behavioral1 behavioral2
- Target
  
  Cxdyz/Flexer.exe
- Size
  
  143KB
- MD5
  
  d0b566a81cc36166344998426d351695
- SHA1
  
  79d9be955801bb25ffafc3a216a80cde82de1519
- SHA256
  
  b2a9cad37ba737f306f2523f8d46866705ff038e437cb342eb2255c1f9329a89
- SHA512
  
  5df8e27cff7e6716b49899c0d55d1962243b008b6cee775559198c318e2797f8c159d4469d03e9b2b552ad4d4f4d59903426383fba30ca436280bc19b002a4f6
- SSDEEP
  
  3072:HAi4pxpEHmAdx4/kyHRZa0YiRAl278IVn2JbS1cJs8lWxj:HAi4pxpRkyHRZa0Gl278IVNc+cWx
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  Cxdyz/Flexer.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.54/adblock_snippet.js
- Size
  
  2KB
- MD5
  
  f5c93c471485f4b9ab45260518c30267
- SHA1
  
  ee6e09fb23b6f3f402e409a2272521fdd7ad89ed
- SHA256
  
  9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690
- SHA512
  
  e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  Cxdyz/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  b429ae86c5be521bc8ca3b164cec3acb
- SHA1
  
  387560073ff5a1f2191abc6f75fc34532bbb6dd2
- SHA256
  
  3ac70532408b89159bfe235d4ed228faa03ae3fbd63ec6a82d895f287a3b0579
- SHA512
  
  eae65de53da50708983ed8ebf9e1e3dd5f9aea95a354d272e199bb59517f62bfe35f0df7a37d81ab0423d0d6d29304fa70284c731bd54023e446b2c19bacafb1
- SSDEEP
  
  24576:DgWuftU4WrNOA6sM6kXxMfNmnjk/c5NrH0UUoo2QkJXVSItH5ppoO0KzJ6nFwHQL:DA+NOpXm1mnj0cP+DkhMAiawnFV
Score

1^/10
behavioral7 behavioral8
- Target
  
  Cxdyz/Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  b037ca44fd19b8eedb6d5b9de3e48469
- SHA1
  
  1f328389c62cf673b3de97e1869c139d2543494e
- SHA256
  
  11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
- SHA512
  
  fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
- SSDEEP
  
  12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score

1^/10
behavioral10 behavioral9
- Target
  
  Cxdyz/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral11 behavioral12
- Target
  
  Cxdyz/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  4a292c5c2abf1aab91dee8eecafe0ab6
- SHA1
  
  369e788108e5fb0608a803fa2e5a06690b4464b5
- SHA256
  
  b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
- SHA512
  
  ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
- SSDEEP
  
  1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score

1^/10
behavioral13 behavioral14
- Target
  
  Cxdyz/Monaco/.git/hooks/applypatch-msg.sample
- Size
  
  478B
- MD5
  
  ce562e08d8098926a3862fc6e7905199
- SHA1
  
  4de88eb95a5e93fd27e78b5fb3b5231a8d8917dd
- SHA256
  
  0223497a0b8b033aa58a3a521b8629869386cf7ab0e2f101963d328aa62193f7
- SHA512
  
  536cce804d84e25813993efdd240537b52d00ce9cdcecf1982f85096d56a521290104c825c00b370b2752201952a9616a3f4e28c5d27a5b4e4842101a2ff9bee
Score

1^/10
behavioral15 behavioral16 behavioral17 behavioral18
- Target
  
  Cxdyz/Monaco/.git/hooks/commit-msg.sample
- Size
  
  896B
- MD5
  
  579a3c1e12a1e74a98169175fb913012
- SHA1
  
  ee1ed5aad98a435f2020b6de35c173b75d9affac
- SHA256
  
  1f74d5e9292979b573ebd59741d46cb93ff391acdd083d340b94370753d92437
- SHA512
  
  d6bb7fa747f4625adf1877f546565cbe812ca7dd4168f7e9068e6732555d8737eba549546cf5946649e3f38de82d173aaf9c160a4c9f9445655258b4c5f955eb
Score

3^/10
behavioral19 behavioral20 behavioral21 behavioral22
- Target
  
  Cxdyz/Monaco/.git/hooks/fsmonitor-watchman.sample
- Size
  
  4KB
- MD5
  
  ea587b0fae70333bce92257152996e70
- SHA1
  
  118ff5509f187039734d04456bf01e44c933ac19
- SHA256
  
  f3c0228d8e827f1c5260ac59fdd92c3d425c46e54711ef713c5a54ae0a4db2b4
- SHA512
  
  f5a4d2bff93161eb61b9902ff74d5ee20de3316f2b1c5ad49299deaf1adf231848c5501b6e4a840e5b898791f86c66eed6f3b05ff573073674177a33a1f2ae9c
- SSDEEP
  
  96:GFCscBOvOFXDgRvi/3eCwX9PlkRo/j5SpoNOBoi+geBIzCa:GFCsEOmWRamCwX9PqRo7geEk3IzCa
Score

1^/10
behavioral23 behavioral24 behavioral25 behavioral26
- Target
  
  Cxdyz/Monaco/.git/hooks/post-update.sample
- Size
  
  189B
- MD5
  
  2b7ea5cee3c49ff53d41e00785eb974c
- SHA1
  
  b614c2f63da7dca9f1db2e7ade61ef30448fc96c
- SHA256
  
  81765af2daef323061dcbc5e61fc16481cb74b3bac9ad8a174b186523586f6c5
- SHA512
  
  473ad124642571656276bf83b9ff63ab1804d3c23a5bdae52391c6f70a894849ac60c10c9d31deff3938922ce83b68b1e60c11592bbf7ea503f4acd39968cefa
Score

1^/10
behavioral27 behavioral28 behavioral29 behavioral30
- Target
  
  Cxdyz/Monaco/.git/hooks/pre-applypatch.sample
- Size
  
  424B
- MD5
  
  054f9ffb8bfe04a599751cc757226dda
- SHA1
  
  f208287c1a92525de9f5462e905a9d31de1e2d75
- SHA256
  
  e15c5b469ea3e0a695bea6f2c82bcf8e62821074939ddd85b77e0007ff165475
- SHA512
  
  cb78aa7e9b9c146e5db65d86dd83f04e2b6942a06fab50c704a0fd900683f3b6ad1164e74afe2f267f6da91cdff0b9ab07713e12cefc6f8d741b5df194f4fda6
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32