agenttesla | 4cf6a68ececa9a719920f125d5b9254ed3494aaac5f5e179c52d10f12599776c | Triage

Sharing

General

Target

EXA.rar
Size

774KB
Sample

240909-ws2yxasbmk
MD5

45fdfcbe36ba1f197453b2c615c652ad
SHA1

1835f096306610bf8c3eb2127fb7918b539a4d3d
SHA256

4cf6a68ececa9a719920f125d5b9254ed3494aaac5f5e179c52d10f12599776c
SHA512

9eda4e59bae9552450a18073fb4c726fc9b1cce6a95c130c081024d3166722bd1afcc23d2e6806a4dd17ea14153874ceb5db054a7399413d03d8b92abf6eeab5
SSDEEP

24576:OGA/axqDi16nTHpkF79eBW9EMzwxJkNODp:FA/axqLnTHaFABMECekN4p

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  EXA/Creative EAX Settings.exe
- Size
  
  60KB
- MD5
  
  f42dbb82f8bbd8d9f5d649ae77eebb81
- SHA1
  
  b84ff8ab5d157017835fc532e2755702a9f95f8a
- SHA256
  
  e6a0f97a1d444fc0cb4c0a15ce79c89c2fdd065ac08575f213cd079c432e4016
- SHA512
  
  e207276f9c5ad0a38403dcc5ea5d1cc57e103b7a752d5ecff2cf35c14eea739a0b633ce7b81287ab9c64de1e4a6ce5cba213cf9af84c364fc0fd1123dfcdce69
- SSDEEP
  
  768:updhPUkYG0UxZOwow4un5WcTDgzSDChgpBBkmrSU9JLmHK3moNeKh5jjLkmrSU9:uxqGDgz5gp7drSkJiGmNKh5HLdrSkJm
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
behavioral1 behavioral2
- Target
  
  EXA/Creative EAX Settings.exe.config
- Size
  
  189B
- MD5
  
  9dbad5517b46f41dbb0d8780b20ab87e
- SHA1
  
  ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e
- SHA256
  
  47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf
- SHA512
  
  43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  EXA/Creative EAX Settings.pdb
- Size
  
  31KB
- MD5
  
  10e8b39a45e6ac2c9976ef769e1f4266
- SHA1
  
  1ecf9f4ccc23ad8b2b3f9ba38aa07b94dffbb0b1
- SHA256
  
  ba70b1c1de48b6d474783e8a493ccb5b77d4e31a184f4fe23a00d25ecb0d1600
- SHA512
  
  f05847f2c50efff0208130d6dc60cca7bbea5e62e828f1e4abe0226f30294b04fbc82e88b97a16bb51733d65d0c75dec64481ac5c308bfbafe3d719fe6b07581
- SSDEEP
  
  384:aLSuXEduXAj2mTn4rECba3b2NLguz7j2uTTjBf:a+uXEduXAj2mT+dj2uT
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  EXA/EAX Console.exe
- Size
  
  64KB
- MD5
  
  f6f079a2d265f5b5db3f5b80b1b0ca2d
- SHA1
  
  4124af9c2a1e96af3a652c521bb3cb8137d71614
- SHA256
  
  846d613708c1455f40fd93345aec0e05f344c586e7bc150850c46f65c4b26d79
- SHA512
  
  f159959a62b9151a93f9d5fe2e226416404217560299a746dcbdb2c39c6cc94e01e74ad72cf14e6246e211fa2e7fd1d1233cad149b067af086fe167e23167b85
- SSDEEP
  
  1536:XvPvls2TPEld7qIe/iaQwJOi0GmNKh56aQwJOiw:XvPvZT873O/Qr5rKh9QrF
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
behavioral7 behavioral8
- Target
  
  EXA/EAX Console.pdb
- Size
  
  33KB
- MD5
  
  728ea8903ad8229cb1d9f1e462f4fd11
- SHA1
  
  20f4588cb7c00ee235c3c14a36742e5b782a3b47
- SHA256
  
  99c4ce175fcbe1277977b36a6ea0a7ecf9a62d22722f4ad2530a3cc29ace5102
- SHA512
  
  f0b52171900ca7c27c99e889ab2f786d552d380a3377a5e07d83e4a4e494bd08f2bd3afdb98b1e312eb1f62371fad56bfbfd6324cff17162e946b96693a943a9
- SSDEEP
  
  384:aierWderuX29TI146ECblbB/Q0kX2YTIZrRx:aierWderuX29TInoX2YTIL
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  EXA/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c3291bc3a34eb26cf50ee2e19160f99f
- SHA1
  
  87dbe564d84302fc9d7a5812827a588edc0fecb6
- SHA256
  
  7be259b403614c31b75312e938da3c6567b8f4f86d7e72ee4676b9ec9662e5f8
- SHA512
  
  58581e398699900ede25ca54f067ffe5b42b364b87b1e1beae073d9d5703f4fd85e4e4b298a8b8831b1eb2c96936cff738cb0520c9e70451ff62b132fe47ec17
- SSDEEP
  
  24576:MrAtMBDzyFA717LhmvuICCrTfgDl54XhmIEHmPwMnZ4P6FdHQ/jz+mA:MrxBDzyslHUnM6FmA
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral8

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral9

behavioral10

behavioral11

behavioral12