agenttesla | 8fdbff40ffb8d74aac4a41da26ba2a21d7d5c624b0281fbeaab0a5ea563d113a | Triage

Sharing

General

Target

MasonRootkit-main.zip
Size

2.7MB
Sample

240901-w4anssygkb
MD5

26401090b88e9bd97eb3b5c5ee494767
SHA1

27ecd9f8cac617da36cc4a1118e6503592216804
SHA256

8fdbff40ffb8d74aac4a41da26ba2a21d7d5c624b0281fbeaab0a5ea563d113a
SHA512

3c6cdc3c713ede3da9d35034dd4bd740150fe78c9b67add46ff14d02b609906bc095cc4e5b943a002f6b61bfda4636088199beae904a714975ed8d73a9c9bd5d
SSDEEP

49152:j70nS4pfVkqgy6r3arxSQXy/HzY+ZYtl+sJbVcgVczQ6q1sg5VEbwsa:j7K5JEyUarxhXy/TCVcLlgr5ak9

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  MasonRootkit-main/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c97f23b52087cfa97985f784ea83498f
- SHA1
  
  d364618bec9cd6f8f5d4c24d3cc0f4c1a8e06b89
- SHA256
  
  e658e8a5616245dbe655e194b59f1bb704aaeafbd0925d6eebbe70555a638cdd
- SHA512
  
  ecfa83596f99afde9758d1142ff8b510a090cba6f42ba6fda8ca5e0520b658943ad85829a07bf17411e26e58432b74f05356f7eaeb3949a8834faa5de1a4f512
- SSDEEP
  
  49152:cvrqKk8q2gqi2OXCt6kuSw9g8PTNTN/23uxjPHEiCAjFcm:cvrqZr
Score

1^/10
behavioral1
- Target
  
  MasonRootkit-main/Rootkit.cs
- Size
  
  206B
- MD5
  
  13b6cbe9358c5dfbef1e0cdc1e624363
- SHA1
  
  d16845dd50dd373a19e0f1bb7c7477f6796a49cf
- SHA256
  
  b3adec39923485d7ccc300861d3a3c4f37351d36aa8bf87105b92112a8980cb3
- SHA512
  
  964d8b1c56589119f95b054b93fb67706c20ca5a2f270f799b096e6ad4785246a77df41ab967d90eaed884ee8e5f97e91e743854fa5793fa92e413fbdf622aaf
Score

3^/10
behavioral2
- Target
  
  MasonRootkit-main/RootkitBuilder.exe
- Size
  
  1.9MB
- MD5
  
  c58cd9b7da83204709759dc5e0651ded
- SHA1
  
  38af136bf8c6d59072b5d726599f133fdde87e68
- SHA256
  
  9a5458bada986bcf60167b916f1eaec91dba0f31d10fcba6d1647a3c157dac45
- SHA512
  
  b27528ab44e8c41b226468c5a66fbed964f863989f1c9954532b9c22c1b8ab64003f150acf77d4ea00993e3500f8b370a6d1aba1b5031739598eefa8a949799e
- SSDEEP
  
  24576:xpgBmJY0T+Mql2mfH2aQREktRz0sHJzVhCLFs39j2MuTk9WxIPiPf9w5pxK:fZy0RqlxP2apktZ0spzVUQl9WKr5
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
behavioral3
- Target
  
  MasonRootkit-main/dnlib.dll
- Size
  
  1.1MB
- MD5
  
  e517eaeabd955f1e0f83ed04a0e6dd86
- SHA1
  
  4a376b09ca00c7b934f6b444302773d0420ebd85
- SHA256
  
  d04369e2fafabb36fdc31fc63b9a4bfd2bba577a203ee8180f9b084d9b344676
- SHA512
  
  3c416235e0bb395b000b75f1358bde869c0ba2ff554b64821f5729f0580349fd8d1ba99ebc80e4b6dffa7b4741b4bb45570781d568fa9f5e3272de5d9108fe6c
- SSDEEP
  
  24576:qM8euVMm3NxPkVCHKJi9n/PfuMs31MkZxxYyULZ4GBXcO1QmPyu9IFCh2v1DZS31:vhbivwS2IPx+vn
Score

1^/10
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral4