agenttesla | 79adb6b9405c73db160ea4be1b036c32197b1890bdcf0b32b082a703efeabf18 | Triage

Sharing

General

Target

79adb6b9405c73db160ea4be1b036c32197b1890bdcf0b32b082a703efeabf18
Size

2.4MB
Sample

240907-sx1pvszhmk
MD5

9941b21868922cc214ae69b1dbc7452c
SHA1

9a4e7d8d0ced13948423aca12e9cd772d2c62bd4
SHA256

79adb6b9405c73db160ea4be1b036c32197b1890bdcf0b32b082a703efeabf18
SHA512

9e3c74a4a6a293bb7cb9066ebbcdb2b9bc9862b8928b9e73c29109db56e0d8d62b60589089f0b037b3e0744995c5f71c01c9583b078e517c24138f4ff973f665
SSDEEP

49152:2llhMiZiZVQ2C2P67aRoO0TgSN7DPcRZP5pdeUAPIDXnBnxiaOspHTPsGl:2llji82JVoDgSNna3GC3BxiXstPs2

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  ErisimEngeli/BTKInternetAgi.exe
- Size
  
  797KB
- MD5
  
  5299a07f38ca573f1d4bfb998229f0d6
- SHA1
  
  7b37be31b784e41a98c9f84755f3b9bda37a11cc
- SHA256
  
  899cdce451f9793046356eaeff97468d477b7ca141ba7d67649e60dbd17550d6
- SHA512
  
  2a4617566e164d2d3dec5240114f744ce138786830d8f72de63a112192a7a4cc1598f1051c8fae1b8b433b8b69fd5937b5ca2083316b4e99dd5aa016873b6870
- SSDEEP
  
  6144:ynBCfpm7azL4wRxS7TXT4lhHEZgwKC1ascGqTkzBOtoGte6GIhb7U:MBcSnclhkZg0ascjTkoL46Dq
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
behavioral1 behavioral2
- Target
  
  ErisimEngeli/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c97f23b52087cfa97985f784ea83498f
- SHA1
  
  d364618bec9cd6f8f5d4c24d3cc0f4c1a8e06b89
- SHA256
  
  e658e8a5616245dbe655e194b59f1bb704aaeafbd0925d6eebbe70555a638cdd
- SHA512
  
  ecfa83596f99afde9758d1142ff8b510a090cba6f42ba6fda8ca5e0520b658943ad85829a07bf17411e26e58432b74f05356f7eaeb3949a8834faa5de1a4f512
- SSDEEP
  
  49152:cvrqKk8q2gqi2OXCt6kuSw9g8PTNTN/23uxjPHEiCAjFcm:cvrqZr
Score

1^/10
behavioral3 behavioral4
- Target
  
  ErisimEngeli/NDP481-Web.exe
- Size
  
  1.4MB
- MD5
  
  39304ce18d93eeeb6efa488387adaed8
- SHA1
  
  22c974f3865cce3f0ec385dd9c0b291ca045bc2c
- SHA256
  
  05e9ada305fd0013a6844e7657f06ed330887093e3df59c11cb528b86efa3fbf
- SHA512
  
  4cf7f831fc1316dd36ed562a9bd1fda8cca223d64d662f3da0ade5fddc04be48c2d40333ba3320ee2d6c900e54c4f7e4f503897793e86666eac7e242d8194f5b
- SSDEEP
  
  24576:MGHL3siy9eKfSmtLvUDSRbm4Jah1rVxBtcSEe8g00XAIZiS8Klpxt/PueauCCk:RL3s7RqeTUDBzrVx4WqipxlPuHujk
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral3

behavioral4

behavioral5

behavioral6