agenttesla | d3874df3530f290394d4e73e194e16e02665cd7aa47f084cc8be30a0a4ee3c66

Sharing

Copy URL

Twitter E-mail

General

Target

Vex_cleaner.zip
Size

76.6MB
Sample

240819-pck7wstanf
MD5

5f211f4951fc689d81cb0c2e7ef2c6d3
SHA1

4731234d9349778a7ddf53ab0c9a77d55e962563
SHA256

d3874df3530f290394d4e73e194e16e02665cd7aa47f084cc8be30a0a4ee3c66
SHA512

c60e5e60ced8a390bfb091545c5262e0b403808c381a543e11be2f9fe00d35f1944ed569d12819b94789e5304f964f49addf380e4684eedaad34aeb2598fbd2d
SSDEEP

1572864:GHE0BwO78KJfCGVNSZRI4vrBcsYoQTnbO+LR6peexv2laT:Gk0Bw63JFi88QHRkeq

Score

10^/10

agenttesla execution

Malware Config

Targets

- Target
  
  Vex cleaner/Cleaner src/Cleaner/KeyAuth.cs
- Size
  
  36KB
- MD5
  
  4e7523d460eff2f8f71f48a678792d6e
- SHA1
  
  0b7b0cb76e08f06142e3f1e39a4d8d43187b6cb4
- SHA256
  
  b67a4b16b91509c3ca1c53011246aadf2e3d28ef003de30380adce2170e960b8
- SHA512
  
  476ca8000560e09ef6acc4e5b39106eb6f657aec5bed13dd07e1004c7023fb1e55a6525f6a2956e91c86f06135e8b0e606c282c452b54095274c087340d86fbc
- SSDEEP
  
  384:garn4v2lgrqbPrWLfDM/UkqsignT3v+m9tKz84kOvh:TMd1wf+m9mXkOvh
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  Vex cleaner/Cleaner src/Cleaner/Login.resx
- Size
  
  5KB
- MD5
  
  59f6affd7640af4fd1f977863c7ce828
- SHA1
  
  9a7ea0ef93d3e5a48300526dbcb0f374ea465e88
- SHA256
  
  3dfc6b4612394b8a4f8486a88eb60d2f1aa1e37ace01c6f4a1f0f7e87d7139f6
- SHA512
  
  8a94c57311e9fbd8d70d8a886849b50c2d25f828884886f692cf7a9da55e1024031dcb0eb78809213a3f89d2924bc00d6207bbd800084fba5928b3b83000982b
- SSDEEP
  
  96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuFzjba2:KjrbLPD9sLvIzSvKgIqUyahF/bawn
Score

1^/10
behavioral3 behavioral4
- Target
  
  Vex cleaner/Cleaner src/Cleaner/Main.cs
- Size
  
  17KB
- MD5
  
  3bb0b853fb481bd29473b040328ca859
- SHA1
  
  63795da068ed5bb8195ba7928a4b8d1efc252f33
- SHA256
  
  3d5316e03df67747f31e466753aee4ece73f521d8f889a5dd5432aa22a20d2d6
- SHA512
  
  a2835c62b793eb4c1ea54e8730a3a1378de4b89f2721e0d14ce669bfb671dddf65cd7e4a16be00cec4b038b0b93ecc5db133dc1476c03e74b7197f8f6d36a7e4
- SSDEEP
  
  384:AKrZ4HE5wH+zkLjwtXvYfL5rxqcjpQepr:KumtxXJ
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  Vex cleaner/Cleaner src/Cleaner/Main.resx
- Size
  
  5KB
- MD5
  
  59f6affd7640af4fd1f977863c7ce828
- SHA1
  
  9a7ea0ef93d3e5a48300526dbcb0f374ea465e88
- SHA256
  
  3dfc6b4612394b8a4f8486a88eb60d2f1aa1e37ace01c6f4a1f0f7e87d7139f6
- SHA512
  
  8a94c57311e9fbd8d70d8a886849b50c2d25f828884886f692cf7a9da55e1024031dcb0eb78809213a3f89d2924bc00d6207bbd800084fba5928b3b83000982b
- SSDEEP
  
  96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuFzjba2:KjrbLPD9sLvIzSvKgIqUyahF/bawn
Score

1^/10
behavioral7 behavioral8
- Target
  
  Vex cleaner/Cleaner src/Cleaner/Properties/Resources.Designer.cs
- Size
  
  2KB
- MD5
  
  0c88a21307b52816ba86ae5f2cfda14c
- SHA1
  
  4ab49c3b9c5595088b8912d469bb0537850f12d7
- SHA256
  
  06839e0c652d4de336c01eb755b1a61dc0fb7e983d60dc4e54a145f29f31ea9c
- SHA512
  
  af400b802dbd135298a0a76ee3ab3653dc4345602564e588a2b93419246424eb0d2f37395e7c85c402c33e705e824e70fb2cc7c713a6caaf8ed00f276e351975
Score

1^/10
behavioral10 behavioral9
- Target
  
  Vex cleaner/Cleaner src/Cleaner/Properties/Resources.resx
- Size
  
  5KB
- MD5
  
  0cd8c971317d19bbed44757809bcb92b
- SHA1
  
  47b15748ecc8e952c5935170090db7c269ce4b4f
- SHA256
  
  66b5ebd1b0fc73f041ba669ce2184f6f471d5e3524efa34ca31233e9f5395262
- SHA512
  
  883dba84bf7daae3ea49f9d54c13dda4f125da82ba63f90eeba0900602896ad9492a0adf7b69b67d838034090af20926af5c2934797afaadb38aa069786c1fc6
- SSDEEP
  
  96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT200qSdvabvDIwQBugqvA:KjrbLPD9sLvIzSvKgIqUEa2
Score

1^/10
behavioral11 behavioral12
- Target
  
  Vex cleaner/Cleaner src/Cleaner/Properties/Settings.Designer.cs
- Size
  
  1KB
- MD5
  
  44cefdb167d3e9a85563ec679d072d89
- SHA1
  
  7b72a32759bd7fa37d39346ea6775b54a6df69e4
- SHA256
  
  598f77f3114a3b2a3e438c6e1cbe0f6ac10384a13ff63054c7ef4370adb3655e
- SHA512
  
  f0c7eb67bc81789c89f60a741ad5b6f3872fef4ba969a856709556638985de8a46a0ba8c369f22131ef814dfb3886aae77155355d0ebdcf8d4451d0762b43664
Score

1^/10
behavioral13 behavioral14
- Target
  
  Vex cleaner/Cleaner src/Cleaner/Siticone.UI.dll
- Size
  
  1.3MB
- MD5
  
  750c58af2e56b6addecffcf152520ab8
- SHA1
  
  14995e7f1d12498606d9d209d78d55fe6fd87802
- SHA256
  
  27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26
- SHA512
  
  2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5
- SSDEEP
  
  24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb
Score

1^/10
behavioral15 behavioral16
- Target
  
  Vex cleaner/Cleaner src/packages/Costura.Fody.5.7.0/lib/netstandard1.0/Costura.dll
- Size
  
  4KB
- MD5
  
  501981c7fc457d59238eb99780efb615
- SHA1
  
  f1f25c01f6acf33bdd62c4f82d3ef078e76f0906
- SHA256
  
  41bb464ac7c0d192641077e44a59d7d89860c3c620a59961f2fc4a4be47deae3
- SHA512
  
  5921d0662add6c8aa075106878cc56335ccbf059d8bc7f359fe9e02a52ec657c3e5df1c718929564c09f205e4bd299b086f3e7424141f5e55ed0d756f65ee1e8
- SSDEEP
  
  48:6F+lni2qJfjVRPGwzCo4MhTN0KDdilETrVsH4/QWk1qyFVT2IbG:7g7KedGEiYIWM2
Score

1^/10
behavioral17 behavioral18
- Target
  
  Vex cleaner/Cleaner src/packages/Costura.Fody.5.7.0/netclassicweaver/Costura.Fody.dll
- Size
  
  193KB
- MD5
  
  d6ef4e35f96629ba9f9176cfc4d93b38
- SHA1
  
  2adee63def25e2a5993ea793180634a1d2946fd7
- SHA256
  
  f925017acb08ca6f8e99cd28cd6140c153efe5b241111de36b8b917a302794fa
- SHA512
  
  d7abb5932d7b0521816137c946a80400cf573a5047c440b9a78c4670b6926e7ae130608e6b2fa0b5e65478bf986d0e089168a80e13770a0bf91ea7a5529dd715
- SSDEEP
  
  3072:y+bjLBzNAiYBnAjJuCxp8kvyUUs38lsDJ5Qt/Dxk4HA7lmmVtGzGzxnzmoMi:y+bjdzNA64DlAX2zGzpzm
Score

1^/10
behavioral19 behavioral20
- Target
  
  Vex cleaner/Cleaner src/packages/Costura.Fody.5.7.0/netstandardweaver/Costura.Fody.dll
- Size
  
  196KB
- MD5
  
  cc6fe95d22242e0eaecc751647bb58af
- SHA1
  
  1aaa019f088fdd20862f97217bd347331b5bd714
- SHA256
  
  f8d0bbf51d54411c96b26fcee9a60d73b1170c40acb5586c9112f5bee6a23acc
- SHA512
  
  7e6df47eef146a9a87633ba6183121e1fffd1c3e330a2cc22bb0d915d54e162d589b8250ce867c3002fd49668f704adc0cb465afd8deed1efe7710b6e7eaacec
- SSDEEP
  
  3072:t+b5zlAkYBmrJuCxp8kvyUUs38lsDJ5Qt/Dxk4HA7lmmVtGzGzeIq5zhou:t+b5zlAS4DlAX2zGz1qla
Score

1^/10
behavioral21 behavioral22
- Target
  
  Vex cleaner/Cleaner src/packages/Fody.6.5.5/netclassictask/Fody.dll
- Size
  
  54KB
- MD5
  
  eebccd5445e6718327dc9ddeec0a05fd
- SHA1
  
  536be78f16d80b9ff4c988aa4240d6f3a5398750
- SHA256
  
  9c3d1a0091a603d537aa318b8bac80189de93a4e376e9f6ec15390c323fd5338
- SHA512
  
  0a15b71cbfd150f04cb0ab9832c2042cebff569ee75285a74d9dcfffe1c23b1887d2fcf88805a24159855d2399cffb59fdb83bf3864ed0d91b5a52a9de5adb88
- SSDEEP
  
  1536:2GUgeGh52TCdBtbqleegmPMLKtNpQLqfHy+xgZ/TT8CZNhdr:2GUdKqfHzI/T9Z9
Score

1^/10
behavioral23 behavioral24
- Target
  
  Vex cleaner/Cleaner src/packages/Fody.6.5.5/netclassictask/FodyCommon.dll
- Size
  
  16KB
- MD5
  
  02b4adaa2495e04ab3a6fd03f0468efb
- SHA1
  
  bebbfceec09b37e7fceaa0a5867563396fae0afb
- SHA256
  
  04f9116467f2f894d48f0033c39a36a6813a37d4784a6d7a4d2df925511d51e0
- SHA512
  
  95a673973c91f472b714eeac74d94053ce717052118fc6e1cdb5bb27c4fefe380697ad5fcac6d132915420a1dcdd1829386b33e8888558d53b0e167727f658e7
- SSDEEP
  
  384:jeiGwElUsXsVJlFmd89kMLCLcfKy0K13DBnZYVhB:jeiGwElUsXsVJl8QvCIPxrnZYDB
Score

1^/10
behavioral25 behavioral26
- Target
  
  Vex cleaner/Cleaner src/packages/Fody.6.5.5/netclassictask/FodyHelpers.dll
- Size
  
  50KB
- MD5
  
  ec8aa2f38c6fa83becd691f63307094b
- SHA1
  
  14bd22d0784b96d73c0f1e40e64b10e882578d47
- SHA256
  
  26418e5dfc750c152f6884851b504a2f5d3ca2afc934d4b39b753f4b7b362caa
- SHA512
  
  81db04019805335cdfba38461eaf0bd945ec028fe1352412148883b601c116ff4b06e845b34ddea71afc2d4ca9ef69082c0717183d02a18569de500fb0d8196f
- SSDEEP
  
  768:uhBgN7xSVi92FHlW47zSTKd8dbpuJqytRzbRHKrem:uhBgN7xSVsUqQ/Zm
Score

1^/10
behavioral27 behavioral28
- Target
  
  Vex cleaner/Cleaner src/packages/Fody.6.5.5/netclassictask/FodyIsolated.dll
- Size
  
  40KB
- MD5
  
  059cb694f1ce247c96e7e318a42cdaf4
- SHA1
  
  12cfa96e9e797c644899cab98acdc2a5d11255c3
- SHA256
  
  1dd081bd37cb4b6b2ef5b84793ff6191f5841028648a5db7a566e9dad7dead0b
- SHA512
  
  900316a92dd33476c2882fe8fa35e77a09ac36bd94141a5fed988c496d5d1273e68302fa0c704a4503ef474dd6c0ec8bf0044e33fd4010b99b1e20ff580e960d
- SSDEEP
  
  768:yS6l9mpchJs+3NKHlPKYmpplcmq4HgFhj5mxD:J6lMchJR32lP+pplG4HgTj5mxD
Score

1^/10
behavioral29 behavioral30
- Target
  
  Vex cleaner/Cleaner src/packages/Fody.6.5.5/netclassictask/Mono.Cecil.Pdb.dll
- Size
  
  87KB
- MD5
  
  797be332f0278dd9cf9506c6bd7398f3
- SHA1
  
  14acbd89258e7653fd2fd8b044a4b13fc0190726
- SHA256
  
  883725203076127e02adea2750e83d88b3e4635ae84098f1a08fe995992d093c
- SHA512
  
  5cf0550c61bab52d10d9c73a9e445c5877294698e71aa0830ea76b67854842bccad73fdaac3066806e825dc4b3adc3e6210204377af971c09b3fa1fca91ac3fb
- SSDEEP
  
  1536:0OCAsdBo+am5OMwr5IFALYKXgAJGsZhajrmvjCXeq:vCjta0OMuIFArVJGqa/mveXeq
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32