agenttesla | 534baf68b23474fd41c2320b64ccc61ba0a2cda9cf7539dcaac1cadfb61ddb76

Sharing

Copy URL

Twitter E-mail

General

Target

GathPortableSetup29.5.3l.exe.v
Size

96.1MB
Sample

240905-nkhajazbql
MD5

7f6a6ef2c51ffa3ffd4aa5cac09d74a5
SHA1

984fee23b14fa4e53d9cab8ab0aa289a9c3bb44f
SHA256

534baf68b23474fd41c2320b64ccc61ba0a2cda9cf7539dcaac1cadfb61ddb76
SHA512

12474e2b448555a48c3de61661f91cbe47372b0862684eb0d5c252c8973032c0775bac58c682c494ed6e6e3e51861389c1c904befd6b3bd6417ede87171ff66a
SSDEEP

3145728:qAH2SALB1KcYt3TIQt6syau0o1kYn6LlPNc8cGb:fWSgDYt/8syauz1hn6LMwb

Score

10^/10

agenttesla discovery

Malware Config

Targets

- Target
  
  GathPortableSetup29.5.3l.exe.v
- Size
  
  96.1MB
- MD5
  
  7f6a6ef2c51ffa3ffd4aa5cac09d74a5
- SHA1
  
  984fee23b14fa4e53d9cab8ab0aa289a9c3bb44f
- SHA256
  
  534baf68b23474fd41c2320b64ccc61ba0a2cda9cf7539dcaac1cadfb61ddb76
- SHA512
  
  12474e2b448555a48c3de61661f91cbe47372b0862684eb0d5c252c8973032c0775bac58c682c494ed6e6e3e51861389c1c904befd6b3bd6417ede87171ff66a
- SSDEEP
  
  3145728:qAH2SALB1KcYt3TIQt6syau0o1kYn6LlPNc8cGb:fWSgDYt/8syauz1hn6LMwb
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  25KB
- MD5
  
  40d7eca32b2f4d29db98715dd45bfac5
- SHA1
  
  124df3f617f562e46095776454e1c0c7bb791cc7
- SHA256
  
  85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
- SHA512
  
  5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d
- SSDEEP
  
  384:pjj9e9dE95XD+iTx58Y5oMM3O9MEoLr1VcQZ/ZwcSyekMRlZ4L4:dAvE90GuY2tO93oLrJRM7Z4E
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  d1eefb07abc2577dfb92eb2e95a975e4
- SHA1
  
  0584c2b1807bc3bd10d4b60d2d23eeb0e6832ca2
- SHA256
  
  89dd7d646278d8bfc41d5446bdc348b9a9afaa832abf02c1396272bb7ac7262a
- SHA512
  
  eaffd9940b1df59e95e2adb79b3b6415fff5bf196ebea5fe625a6c52e552a00b44d985a36a8dd9eb33eba2425ffea4244ed07a75d87284ff51ec9f9a5e1ac65e
- SSDEEP
  
  192:E6GQtZkTktEQUrJaZfuyCnSmUsv3sY7L7cW8Y6Q86QvoT311929WtshLAzgSrX8:E6Nt+4t7uJalUnGesY7Lt8nC3/Yosa
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  192639861e3dc2dc5c08bb8f8c7260d5
- SHA1
  
  58d30e460609e22fa0098bc27d928b689ef9af78
- SHA256
  
  23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6
- SHA512
  
  6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc
- SSDEEP
  
  192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Accessibility.dll
- Size
  
  20KB
- MD5
  
  fb554f9fe0b91f135d26ac6459cfd6f2
- SHA1
  
  b1269a2c28bded872b14fe70b69484631ef3a65d
- SHA256
  
  929ea150ad45b7c7dd5427461fbec44d43b67c08081f59b42b6abf570feae271
- SHA512
  
  8dffde6cddfc59ec380111fd36048126559e1f1e080c081ca0d09021bb23d6888e93e1659c7b3a8fa46f76602b03cf3e638ec1a80fba79e51648dcb32362e10c
- SSDEEP
  
  384:qBmy0h6gSGRaOcHitWG/W65kHRN7lI+R9zJKBd:7SNOcHOUOi9zEBd
Score

1^/10
behavioral10 behavioral9
- Target
  
  Coolex.dll
- Size
  
  592KB
- MD5
  
  13034953bfef0f62b56f8da9c0241f05
- SHA1
  
  dc285a3549675369b0bd63b1490eedcdc3fa620c
- SHA256
  
  c3713f9104b664abe8712c35436c1bb02319017b6c8c7d27fce95b9cf54e1bed
- SHA512
  
  3b6b18685737acf20279f2d26b5d89f852958a46ce33214863b65a86fdc380a287ea2814afc7e9d06e366cd76eaf6a1328e3fda08ed21b19fbae088ec6d278da
- SSDEEP
  
  6144:8WG0YFxMEm0ip2amaatclQaRHU03jg9rT77HU03jg9rTV:83ZMH042tkR003UpX7003Upp
Score

7^/10
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
behavioral11 behavioral12
- Target
  
  D3DCompiler_47_cor3.dll
- Size
  
  4.7MB
- MD5
  
  03a60a6652caf4f49ea5912ce4e1b33c
- SHA1
  
  a0d949d4af7b1048dc55e39d1d1260a1e0660c4f
- SHA256
  
  b23e7b820ed5c6ea7dcd77817e2cd79f1cec9561d457172287ee634a8bd658c3
- SHA512
  
  6711d40d171ea200c92d062226a69f33eb41e9232d74291ef6f0202de73cf4dc54fbdd769104d2bb3e89dc2d81f2f2f3479e4258a5d6a54c545e56b07746b4c4
- SSDEEP
  
  49152:xCZnRO4XyM53Rkq4ypQqdoRpmrgBVYvkaRwv/ZD0/WYLDltog/RfznLeHTRhFRNI:YG2QCS6HHzog/pznA7T6VP
Score

1^/10
behavioral13
- Target
  
  DirectWriteForwarder.dll
- Size
  
  526KB
- MD5
  
  69044c681ea1eedca54d13ed97e1452a
- SHA1
  
  f4fbb066afa38be160fc4462994b2cdb67af5cca
- SHA256
  
  778936b5baf157c3a040955bc637936952e7b68c5aff83536d4b613ed9691cde
- SHA512
  
  4aed9e46d1670e6b85254bf905e4bcc53e3fa9d7e1b29d434c86ee42feb90a992e80057ad476ee4561389368ed8308e9f9548012d85dec26dcda9dc2ecb766d8
- SSDEEP
  
  6144:PQd8G8WEjiXSMYhtsOljgEk+hY8rY2JQT296UKf12fzfOqpo0EVbn95n3i1+wZ:P5G8WEjiX/Yvh0E9rY2NDJO0Cbn9d3S5
Score

1^/10
behavioral14 behavioral15
- Target
  
  HPSupportSolutionsFramework-13.0.1.131.exe
- Size
  
  178.4MB
- MD5
  
  feeffa482dd84836437df11dbd8ed0ba
- SHA1
  
  28f4ba7c93fdfe0dfeb75b7b5bfba8eeb9de0bc9
- SHA256
  
  14dd09292763f926d46c49431fa4f7ba57655095470b16c5e9b0edf60354b30b
- SHA512
  
  bee44f04e7f4a2beca5dbf12ce7692128e97aa49c34c51715dcb746e6eba1fc71bd5babf67988e8c23a27b5b1880f21ad7f4eef82d222d9a88da5d0b6ce2aed3
- SSDEEP
  
  1572864:Nw7SbroCw8KNHQETBC/fiW++dyTeHR8lcPRFRMA+QwaxX+svd:NMSbWJ9YfiWxPnX+sl
Score

8^/10

discovery
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral16 behavioral17
- Target
  
  Microsoft.CSharp.dll
- Size
  
  982KB
- MD5
  
  8e7612cc8019d952a93d9b777e71b802
- SHA1
  
  d973dfb790614e9a5e7c3ce8b421c085d11937ed
- SHA256
  
  df495f74456ad5ae30a5bac440b4d3808fa2d13c377cce1afc0146b8319ded6e
- SHA512
  
  3a818940d3c6f5da11bc86c974a54323ae2a1ad876613790ffe68aa5b674c54e5de0c133614236f45a89de86a5547cae4f8e6f2c97d7874221b2b1a285e14355
- SSDEEP
  
  24576:XUpXJ0Hy8Ext+9whtbSa0wHVu9yH1sCzwUD/zD:EpXiHyN++tbLzHVu9yHXPjH
Score

1^/10
behavioral18 behavioral19
- Target
  
  Microsoft.DiaSymReader.Native.amd64.dll
- Size
  
  1.8MB
- MD5
  
  804b9539f7be4ece92993dc95c8486f5
- SHA1
  
  ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c
- SHA256
  
  76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b
- SHA512
  
  146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2
- SSDEEP
  
  24576:qz0s9kT3H8I0bo5rjwjnbRCJMy37DjZ3IrVynoT/RUqtMAIEohkGXTwImgP:qYs9m3H5rjQn1CiAnZ3yV+oTZQEoTTH
Score

1^/10
behavioral20 behavioral21
- Target
  
  Microsoft.VisualBasic.Core.dll
- Size
  
  1.2MB
- MD5
  
  3a037c21af5742650933cebf0521f3d6
- SHA1
  
  8b22127c4feb185c5d02d83b5f1fe3815821036c
- SHA256
  
  34271825351d9871583dead758b44676ef2bac56c4b7ac7124fadb087ea44f6e
- SHA512
  
  3451bd4b3053d3834f07fc1d0d6a691fdadab2b7290d1ad21b48e9f319249aac89455b1caea463beb4b2910b90b7f8a518221b2f3b0e3863beca3104030c8ee3
- SSDEEP
  
  24576:qFMvfAlbPZy4jHHa2frxkxRecGSIsRv3i6hFqQX:qFMvolTvHHa2DqT3i4
Score

1^/10
behavioral22 behavioral23
- Target
  
  Microsoft.VisualBasic.Forms.dll
- Size
  
  242KB
- MD5
  
  79fe89013356423a12f52fb8a09a54c7
- SHA1
  
  3e5fda4b2c8d3b41c9b88404a01a2b8dcfd06ebe
- SHA256
  
  62878ad85c315f06a00f7f1f543bba3f411838e80fb7bfe4d6f6ec935930efdc
- SHA512
  
  3a3d927a7944b40fcc6990c94574eb42b1e7fcbbd29f405d0dc5471c63549c63f7b7c61a3d17c2fd33cfc21c4bab0492e6532b6542cb4d24e10bd9dd0bb249d3
- SSDEEP
  
  6144:K6IA96ZdbZRjEtB5dzAbxbDme2NUIPOzQI:f9MbYZdGpgUwOcI
Score

1^/10
behavioral24 behavioral25
- Target
  
  Microsoft.VisualBasic.dll
- Size
  
  18KB
- MD5
  
  e5ce0f3a5d15d8b6693724c40197a9fe
- SHA1
  
  2e0b6bfdbb5c185ca71fe1d5b5f0eab18d568471
- SHA256
  
  9d20ca17355838ff3d2f3c89fbaf7c705bd01d297d1eb589489a84f6430da894
- SHA512
  
  3b87f295c1d914dc1ae95798e2ee1fcef40dc0ab1688ec247d4c2c777c253912980ecc8bfba11f0327a9d8bda9c1c36752de9ba936cba902ccb4cbfa7e82a26d
- SSDEEP
  
  384:+2gfnShxL2GlzxWmHr9QdWTTb2HRN7AxR9zr75:+5n6lZlzX/iA79zh
Score

1^/10
behavioral26 behavioral27
- Target
  
  Microsoft.Win32.Primitives.dll
- Size
  
  15KB
- MD5
  
  300c95ff95b52e8a02fec6bfcfa58225
- SHA1
  
  b646f89fcd463ad5c19889b4fea40540568b780c
- SHA256
  
  f1b40565e5c4c41da810aee5b7d2272a0906e88f796812435aa5ed712bcac40c
- SHA512
  
  9bfe0eb6eea98b2d35aa42986a273ec82424143965e173b32bb4b7e5537580a027940a6952a45fc54f0b665e871deb2a95651106c2f24c7de3b3d3cd2dec7e89
- SSDEEP
  
  192:Vi0pAxFWh/pWYuWXebPpUNTQHnhWgN7agWlnfEl+X01k9z3AE1a9Fb4hk6gn:ViMeFWh/pWYTb2HRN7cY+R9zF1aLchkv
Score

1^/10
behavioral28 behavioral29
- Target
  
  Microsoft.Win32.Registry.AccessControl.dll
- Size
  
  34KB
- MD5
  
  8ed7b1aa897a85bd5619220f28be88ef
- SHA1
  
  539839a6fc00d462340d569fff8f42b06010df8f
- SHA256
  
  9ee0d84655655e39ede6d23aed940c98a3a8eb6270d878b252ea1720f750cead
- SHA512
  
  2caacc3f8b5084effeac526873365697f72e242fbaa71a94fe5e739dbfe5dd35a85ad618d31d2ddc65d648c3f2f5ad436d14f9d4bcaa813e88e4bf1643e3a196
- SSDEEP
  
  384:FWFPrWFVHFcKRKbUWTb2HRN7Jr+Hj+R9zjj2X:M6FvRKbH/iwHji9zY
Score

1^/10
behavioral30 behavioral31
- Target
  
  Microsoft.Win32.Registry.dll
- Size
  
  118KB
- MD5
  
  b69cd4e54d44e1d73ebe2c1a492dff43
- SHA1
  
  44739e4f0a64cd1dce73afddae1e27c20e663757
- SHA256
  
  e1c83bc80e79863e80cfaca350291ae5bdf942c59f39e812770039bdaa660ac9
- SHA512
  
  9aaf53d69401175f35f079b031806266ec419170205a0291f38986a4b1cc39704f1e081ff18d178b0fb9d9b5eaceca60384e7e1fa2eeaaab88b2e157a1f8e667
- SSDEEP
  
  3072:5vauwrxjsbG4TJ6UJSvEVcULVi8AiC1HLP:AQ64t6UJSvEVzIlb
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

.NET Reactor proctector

Downloads MZ/PE file

Checks computer location settings

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32