agenttesla | f2d5a1669bdecee17615cb12cce91538fc0509fb729ad75484b53aa924d588da | Triage

Sharing

General

Target

WaspLoader.rar
Size

12.9MB
Sample

240903-jqx6qasera
MD5

1f57b31be0f4e54672397d5c4f46de9b
SHA1

e781ba218978944cb3fad89ec9507a1e985598ab
SHA256

f2d5a1669bdecee17615cb12cce91538fc0509fb729ad75484b53aa924d588da
SHA512

69d68b48ab2e6c33e618a74312ec2e419d82fd253827fa127514d6a36e005ad1050f8c9a72c42106095a81ec8a6c7fb1b230b985f15bf05165a2c79caad76ac7
SSDEEP

393216:4HMCLvqj37vMEaJK3Xfv7sKf0gDwa2nkWajZP:4HLL23gEaJMfDsKsMqkWy5

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  WaspLoader/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  70bbce41447ba33a3c7e8dc99d3e6175
- SHA1
  
  295ca6d304dbe2532b4ff27e283834ded38d78ef
- SHA256
  
  4a641ea243f6e8943cbad387e5730d9eb92ce4bcfd5d9d096a547927503e755e
- SHA512
  
  6ef6f383a2623ba16dba08fb31afd4e980981886653737274df84e5ffde322f560d1ffe71edd0829ea24461c5ea488bb92be751019b44c921bd919207e5fcdd2
- SSDEEP
  
  49152:HJE3dj2ZfrOQJarXvIwWQY6zlP46ATdeedHvYTKv1tZJCh+ajdV0n2w4FN:2dj2ZPY
Score

1^/10
behavioral1 behavioral2
- Target
  
  WaspLoader/WaspLoader.exe
- Size
  
  1.7MB
- MD5
  
  ded7171654d9f359e3f920bd97eea82a
- SHA1
  
  211ae6a3d881adc8a88e2ae625ae783342b2d572
- SHA256
  
  fbe79d5be3c54c322b4417a1633fa98fae73da97e30da6e22647aaa8ea47ec3f
- SHA512
  
  8bf30b9316f02fc9deaa808c7d47eaede9238242aa38f78954297ed3348d7e2272cd2c26160a6d0a841eeef1d532ad63734e77888926ba0b25b6e253dacfade2
- SSDEEP
  
  49152:9aP1jE577CLgoGZCn9WlGHQz+YmQxbxipU8IlJtLaSgwSreHTXRY1Ix798Lsqbv1:9aP1jE577CLgoGZCn9WlGHQz+YmQxbxQ
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
behavioral3 behavioral4
- Target
  
  WaspLoader/inject-c.exe
- Size
  
  12.2MB
- MD5
  
  e6333b1e880f784228ebba74fcb76a88
- SHA1
  
  0ded82ee467b4012b45eef9878402f50b7be17c4
- SHA256
  
  c40fe901f365043c08b3053830e4bef1b496dbec93e6ca33c891f58f14006aff
- SHA512
  
  1c5bbd9b6cbd0418133186f5e977c7a66915ddd128e3a478acbc92042bcf8a3ee2b2f93ea23849caab1730a329adf96dfacb5d1d9453ccdd86266ddf8442fef6
- SSDEEP
  
  196608:QDiIMDzDKVkcZun3LVFh/Nx/UDvFRCTLFLmYgpmrvtjlHL9r5R3nRn3Z6Hw2lLFO:Ui/DY0bpNxGULmwvBlHLxN32V5s
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

agentteslakeyloggerspywarestealertrojan

behavioral4

agentteslakeyloggerspywarestealertrojan

behavioral5

behavioral6