agenttesla

Sharing

Copy URL

Twitter E-mail

General

Target

Generated Invoice and Log sheet details.rar
Size

6.5MB
Sample

240902-gap43atgqg
MD5

5193d25ff788cc2cccb1d9984f2c0ea4
SHA1

e13474361e8c4496776c6f0f87c56bf1b673820a
SHA256

ebe21adcf65530e322c179b36f545ec2c333b29ea1487bc42da9c357010e7b6f
SHA512

dd0247abf44e1fa07cbed7e06c9917f55586861b179ac59480cf6f132e62244604981a1a1dfa4b21cc4314e694a2c9b70ffe13ada904c5a607953e6dde0d0040
SSDEEP

196608:A8EnISh3AORZ4jq6gneKwA3Nc99UaXOJ8ObRR42SMBIC3wZkrh:A8EnIcAQYhC3e9kbR5Svgwsh

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
M992uew1mw6Z
Email To:
[email protected]

Targets

- Target
  
  Generated Invoice and Log sheet details/A Generated Invoice and Log sheet details.exe
- Size
  
  2.1MB
- MD5
  
  b4bb420bb7844058ee1bd589de80ca96
- SHA1
  
  d37da52973fb2461d43d9bd3e9cab7d6e2884ef4
- SHA256
  
  0e2bc71e9266b9564383f10edadee0dff2c92e542e2a961e44192d6397d169a2
- SHA512
  
  f18ed73023374b1627e9465b2e94a3bf456bd339d3ca3eb3b8caf5e783d5eecc54593f731a37a36c0095329ad3514853a147499249741bb864bc21bad9d8cc3b
- SSDEEP
  
  49152:fvJsUOd7sB7v5nrixZxMRSJ/siV9Q7j4YnmBIHa7IYh:fCTmdzGb9E2h
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Generated Invoice and Log sheet details/api-ms-win-crt-filesystem-l1-1-0.dll
- Size
  
  29KB
- MD5
  
  befa6fc0d0359993410d60953d891cb6
- SHA1
  
  6e4f79aebbf3928a4f25eec1de0e078217d3a50c
- SHA256
  
  5adf2f6daa2e17effba1f96c0f38bd625d63b52a328add23cbe3ed7317259f73
- SHA512
  
  0ac868fa3135b86c0c34888f12c93fad58b560925d65b194d124114f39f64c2b6ceda0dc91c4a3044d112cfacc73a4be44151bcbebe7beac7c7abb6ed2f2b0ef
- SSDEEP
  
  384:wptnWm5C1WZhWeA2xlcPl1Z0R9zbAS4m4IBss264RE4TdE54Rr4RbiaGW4eqfqUh:wptnWm5Cw5A2sZ49zEDSpwfqusSF
Score

1^/10
behavioral3
- Target
  
  Generated Invoice and Log sheet details/api-ms-win-crt-heap-l1-1-0.dll
- Size
  
  30KB
- MD5
  
  d6f029bff29f487e497d278389efb240
- SHA1
  
  6a7b87b6c16fa81147572366ddca951c9b27ace7
- SHA256
  
  e06e375102970b78c448b131a01047e6876da4547aa9b649b8f4cc23d9656de8
- SHA512
  
  818ed85caad185d16762ebad0158a6bb7cce98867db42bd94e42903c8115dbc78480276e128e4fc4838ea73cc49c556582a8c19cac0ee696bea0d8d7e83aaf60
- SSDEEP
  
  768:7ptyil6JhgoR7QlKxnVbgvqxNJkVXK/Y/+p9:LyA6Qo7MKxnKvKNJYXK/5
Score

1^/10
behavioral4
- Target
  
  Generated Invoice and Log sheet details/api-ms-win-crt-locale-l1-1-0.dll
- Size
  
  29KB
- MD5
  
  cfe356452ae13fe062d83132e485bc9c
- SHA1
  
  4d0841bfdad4bcb80d56fd9f122ba5fafe411d91
- SHA256
  
  7ef025acc6f5ec8c6af5b0b6982cf55ca3d77d6d750222ce2fd5133bf5c7e77f
- SHA512
  
  b7c0b673799c1c3bc7388cb302ea15d0cecc15073b9be5d3e727b69f6b53eb342a90d482a1a4d6379562d0915e2d930de6bc3dbe5f9a1a7c31a5c65a004471f8
- SSDEEP
  
  384:GWZhWk2xlcR6lQwR9z20+OCo4m4IBss264RE4TdE54Rr4RbiaGW4kZc4E84q4Eop:Bl2YM9zp+XpSpzmsSu8X
Score

1^/10
behavioral5
- Target
  
  Generated Invoice and Log sheet details/api-ms-win-crt-math-l1-1-0.dll
- Size
  
  37KB
- MD5
  
  636cf78b5f94c5f161c3147579e7e15a
- SHA1
  
  cfb759d862f0d3f73a8d629856acdad68771a30e
- SHA256
  
  8f2afe76d4e96ffccc6de99988af830f99c8dd20307dd893a9f99a83b0cb18a3
- SHA512
  
  2daf15c16ac6d52c4083c87ac60e0c8963649fddf6770d130d7ae0a49c542bcfdb1c4170fff0ff4daca353ff4cd1a579ee8cdc699d992f3b5719760ad073378d
- SSDEEP
  
  384:L7yaFM4Oe59Ckb1hgmLBWZhWW2xlc0/2NcM6a1R9z/fh4m4IBss264RE4TdE54RB:fFMq59Bb1jsv2z+n6K9zkSp5sSA
Score

1^/10
behavioral6
- Target
  
  Generated Invoice and Log sheet details/api-ms-win-crt-multibyte-l1-1-0.dll
- Size
  
  37KB
- MD5
  
  61d1cdf7fdd9fa3975135a5b765fe270
- SHA1
  
  d934ed319bfda3dc8b428cb6ca8fb98bb59fd84c
- SHA256
  
  49eba98053447b3a93282eca24be02cb599296b447e10386fe69fa4ae00da457
- SHA512
  
  8d5a7ba5cb1a21c95951396313fc06da77356eb5e3312da5c8b780810b6be50661420a1f6706516581a8805cf1586171bff92c864ac11402f605cce75d7a7295
- SSDEEP
  
  384:9hhvLPmIHJI6/CpG3t2G3t4odXLBWZhWX2xlcb5P1Z0R9zb7154m4IBss264RE4h:HhPmIHJI6qi2wZ49ztsSpoqSsS5
Score

1^/10
behavioral7
- Target
  
  Generated Invoice and Log sheet details/api-ms-win-crt-time-l1-1-0.dll
- Size
  
  29KB
- MD5
  
  6a47d26f8540172807ebb75309fedd9e
- SHA1
  
  35c7bcae9c639dccc236aa6246397493bbf72ca6
- SHA256
  
  4f4597eb4d1b03261cecea807e48b518cff573547be0a5031b08140da8d570f8
- SHA512
  
  1627fc13e8e010d2220ea968fa188ac813878e426fd34c8f5b546bba9d265a0846bb85323aeab7ec2f5e18e23e9ddbf8fe69a8dbe1acbcace9304510f7ae850b
- SSDEEP
  
  384:HWZhW02xlcS71Z0R9zbK2J4m4IBss264RE4TdE54Rr4RbiaGW4RQyb4E84q4Eo4U:WJ2DZ49zuSp+HvsSh
Score

1^/10
behavioral8
- Target
  
  Generated Invoice and Log sheet details/api-ms-win-crt-utility-l1-1-0.dll
- Size
  
  29KB
- MD5
  
  2fa7078b24dbc8409fdebccf7b1873c5
- SHA1
  
  77c8853d5d4e93f2b77b2e0ae8ee1ecb0c963a49
- SHA256
  
  9f6f69ca2f9dbb5868735f91fa90146d5ed5ffcddf8cbc859f85c9d4c3539c33
- SHA512
  
  3fc2d17d7946f2c425aaf1837cc8f21272f18f8c197047315ae7d3e64c072466acfa4a252202d6955d0a33080071c326362fa5b53ecdd492c8693d4e13dc7365
- SSDEEP
  
  384:Y/f5WZhWJl7Cj05seyR9zuXfIuff4m4IBss264RE4TdE54Rr4RbiaGa4e4E84q4b:Y/fE0dCj05sN9zAIufySpXsS7
Score

1^/10
behavioral9
- Target
  
  Generated Invoice and Log sheet details/d3dx9_43_core.dll
- Size
  
  234KB
- MD5
  
  9aaa6346e9db04670aed765e2f4baccf
- SHA1
  
  b0d05b3c2cc7718c685d6a2f8ae0b5c90b4f8d67
- SHA256
  
  5e6a2633431a208d75b7c45af5e7b03d8e718c9bfa2b555eca4ddb1b783e910e
- SHA512
  
  327c2e6def5b7b9ba69594c153609d7bce5f2b594df78add90469af5c78c53aa9fadbb19cf7eb4981e4e3642ccc00dcb520ef71a4cae2ef43afb34747ccbe157
- SSDEEP
  
  6144:B4bAOFx6oEYhonorMP1v02ivE/by31OCwxn244LJzsF:qTxwYhKorMP1v02mE/byoxn2/KF
Score

1^/10
behavioral10 behavioral11
- Target
  
  Generated Invoice and Log sheet details/dpcmi.dll
- Size
  
  1.3MB
- MD5
  
  74ff35f6b53e12e14663ba6e24f19d6f
- SHA1
  
  bf118fcecf54f60fb8958d028f9f7daa268b5b2a
- SHA256
  
  02eb0b77636924f973aed244f74afd55f182f04bd67c06460df5f95e41e495c4
- SHA512
  
  e2645c1eb30595bdc8cb68310a658ac2763d36155d4a9dc2e0235b303c2d9cb736c3450cae5dca4c925e1d5ac407dfbdf6224b1bcf8fccb3c969ce997ebd55a4
- SSDEEP
  
  6144:jYMsjz7yznfOQsvmtI+vqsF221uptFDRF948b93bL6eFmoj:jYvbvQsavqsNup7DRzR6u
Score

1^/10
behavioral12 behavioral13
- Target
  
  Generated Invoice and Log sheet details/msobj140.dll
- Size
  
  122KB
- MD5
  
  7e7e57b869ad1aa69597baf673eda59a
- SHA1
  
  863cbf8b623da7ab91b9678515eb62f27503cea0
- SHA256
  
  3bc5f4916e82a0d01842fff8da863ca8cb51a080db0c4a67d6e13861ce7e5822
- SHA512
  
  aff7e5fe133d30316396d192ad45e6c32e45ea8ed9399c73da7a72a74aecd898146ea5c63343e472cbde448880eea26e94cdb5c4f557b5f0833a9589c8b7a381
- SSDEEP
  
  3072:GI1JsSgNysTDNGspCU6SW5VKfZcnk3iY3H9i:GI1JsddVGspT6cUw4
Score

1^/10
behavioral14 behavioral15
- Target
  
  Generated Invoice and Log sheet details/mspdb140.dll
- Size
  
  325KB
- MD5
  
  9c1f31cbe397271946dfc7ae58006697
- SHA1
  
  6da580740e259085641dd60b65ca9c51bf4d807e
- SHA256
  
  e7763208dcd8bec201a8bcf76961471b01987bf3bd0d9c1d81e67f42bbe7fd26
- SHA512
  
  7d5e7b6d9633cb80b7c1e78b6f3cdb4c3e6feef5ec18e80b62a4e03e23e2ae61696284d009f877c2000c5e6018a9c16de293c3c1f4ffde2abc999f8afa0be1d7
- SSDEEP
  
  6144:o++5r5aUNdfKUCXAM7tmFL9TBWOf3iWq/DRBWAo58ELTSKMY9cOw:o+ar5aUNdSUR6tkL9TTS6bw
Score

1^/10
behavioral16 behavioral17
- Target
  
  Generated Invoice and Log sheet details/mspdbcore.dll
- Size
  
  739KB
- MD5
  
  8a1f558b8eb6cf674f186311c171d042
- SHA1
  
  9035a86b3fc5eb192b3d98e7dc551193bb5e2edf
- SHA256
  
  3193ff0b3db506c6272d21014b802f5a4e49ed7949b06c86029ac91ad01a63f1
- SHA512
  
  a59d1a1cd6ce3bb748d690ca4eb3a4ef68c2094e69c139ea9b082b0b3fb0ba05089bac59fb02d532372d2de618d369680bdfee8ce9f4404248e77d0c6b382c36
- SSDEEP
  
  12288:r+2YiTo1wE5qVGCWw/ZKpeh3ZY9Lzmz0TbSqHwR9TIKTegHBIQ:1YooyE5qVMw/cpe891TbdHwHTj/HSQ
Score

3^/10
behavioral18 behavioral19
- Target
  
  Generated Invoice and Log sheet details/mspdbst.dll
- Size
  
  712KB
- MD5
  
  dd7794427afaac0423e2ab51334bd3b5
- SHA1
  
  3d5cd93de061baab4de7a0c3a1792316f0faa2ef
- SHA256
  
  6373130e0217ea57f8be9d179dfcd2d19cbc935b5680966211218be69958b87f
- SHA512
  
  ee88d8157695e801bc9345fa33bb5617270e8f2b983a5154738932cd45058f7fab80b29a000c0dd5da7981632bd212c955bd07cebe3a2e26a584afbf7690c132
- SSDEEP
  
  12288:TOFh6QRrE87Vzz4GUwQrpJE+w3QtrO8FungCgaa9TEGosTHX0IZqMm:6Fh6QJE87Vzz4GUllJE+wgtrsnDg3TEJ
Score

1^/10
behavioral20 behavioral21
- Target
  
  Generated Invoice and Log sheet details/mspft140.dll
- Size
  
  2.1MB
- MD5
  
  864c934dca0b5d6fa8e58daf76bd088a
- SHA1
  
  a0c76bf78be01d12b89223de2e1d0d776c95711b
- SHA256
  
  32deea970cce79e398c55f75cd94f6ffa11362abd95be2fdd01c6f98aa4bf6b2
- SHA512
  
  2e966a20b3643490cda43a71e9e575d664c5b93964760625c100d9f10ffc931a02a98ceaa618fb636873806d0b5ae9c756e1acb397d960fd1083b0b67ea4889a
- SSDEEP
  
  49152:GBJ0ReQFL4RG/L5x17F+rcs6EibjdOzRDc4RE4uwN9i5q3A:lqGjvpd4VX3A
Score

1^/10
behavioral22 behavioral23
- Target
  
  Generated Invoice and Log sheet details/msvcdis140.dll
- Size
  
  1.3MB
- MD5
  
  2c9ddfcf43fcfc51de922bf7989e20d5
- SHA1
  
  d4a8f96217c35513d048abc24992414d075993ae
- SHA256
  
  b039497f9b0d63a408f7b562bae3401d702ede0828cc2c5ee49d8f875900802b
- SHA512
  
  f30973033dad3ce8445c1cc85f36031bbd2c4224c2bb02bec853c3431a652c9598d80d8a230b2a2b2c93af07a93767f068424aa3182ed690ca4e90de4af72905
- SSDEEP
  
  24576:P3KsWmXkJrCAsX6jjhYeh84m51bn1a/gjnb5GQ:PKsb6CAsX6jFKb1wgDboQ
Score

1^/10
behavioral24 behavioral25
- Target
  
  Generated Invoice and Log sheet details/msvcp140.dll
- Size
  
  554KB
- MD5
  
  0d89995cc45c7eb40e5a7e287506c1e9
- SHA1
  
  096c27b06ee7fff2bcd290af0264cdafd04cded9
- SHA256
  
  e0a22a594e148fa55ceef3e49969bfa77011a801267a0bd7805b681b593c9d0b
- SHA512
  
  3497c2957d10fcddeec8f312fb15c53f82d770dcc3e771a94daf4f4435c3ddf323ecd33310baaf1ad56673bac7c6268a9ef921d5f32cf7e4a7c9dcb0d8aafa63
- SSDEEP
  
  12288:Q7dqZ1EqSGQEwkcz6sm7UtgZ/29z7mnuMG7NaekWdgJMKZ+h7rUh0wvaQEKZm+jl:QZNg+h7r6iQEKZm+jWodEERAW
Score

1^/10
behavioral26 behavioral27
- Target
  
  Generated Invoice and Log sheet details/msvcp140_1.dll
- Size
  
  24KB
- MD5
  
  c060bb176a671f068362db2673a08c5e
- SHA1
  
  1d6b4ae5e778f1daf3573d4817777a51c35cbac4
- SHA256
  
  768e0829decea713afb35a7de07e276f051581c8ff2c17e1bae9b07dd1445dd0
- SHA512
  
  78a6c8f76d3ebd8db9c784d7775ec44647c4776fcb11d0b32ae2b3a6f2837c0b3be12f053ef6a25811a68da17d0eea83077521f496e238757f5539b445a58a7d
- SSDEEP
  
  384:yXt9apR9PFQN2eWc75gWPCRtHRN7U+Hj+R9z/r:yXK79PFQEkkRt7Hji9zz
Score

1^/10
behavioral28 behavioral29
- Target
  
  Generated Invoice and Log sheet details/msvcp140_2.dll
- Size
  
  182KB
- MD5
  
  94bc7a22ec7308f851cc58fd6de90b2d
- SHA1
  
  cb4d8dcd2c8e9bbf049c1628246cb12cdd34b353
- SHA256
  
  5c12eaef6db18b168f712bff9b55793e0effddf15b89552e7f5ca4f8f1887b9b
- SHA512
  
  87791e992ccb43c833ea6ef2b0fa146031e0fd26305c93d77bc693473292f5b54d36516f3294edcc1c253d2decc166fdd1767c659f65e7d7e447cd8c318b7c96
- SSDEEP
  
  3072:+o8fdbDQ2RAIQSP3cNkquWHSWnwTXsY0YqgwAlrX/Fv1YqTurppM:+VZgIQDkgyWnZlfgX/1yrU
Score

1^/10
behavioral30 behavioral31
- Target
  
  Generated Invoice and Log sheet details/msvcp140_atomic_wait.dll
- Size
  
  56KB
- MD5
  
  6407c40330e6081689bb702daa5aacac
- SHA1
  
  24126ff2ddd568a6ed17134e539cad94e22152a7
- SHA256
  
  0193cdcff562f12218ecab5841fd6bbc4d24295cd8e4dcae960e2fb47cceb662
- SHA512
  
  445ab6d0e1f2e5d0ef520261122fac3f6909fcdc7c39df7891b395694f31a3b54a1f7f5dadc35701baad4431ef358481e725cd19f438362c262e4f936abea7a3
- SSDEEP
  
  768:xHzT4jKeYfXyHSRbYDN82/X/QL3CLwY9z+:BT4rpS5MN82/X/QL3CLwQz+
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Credentials from Password Stores: Credentials from Web Browsers

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32