agenttesla

General

Target

Desktop.zip
Size

1.2MB
Sample

240911-r29mwswdlj
MD5

e694fa99d19f67b47bbc5c0e06b37d61
SHA1

51867dc6f2a43d88e59d3d47352ea6aba5e2d305
SHA256

921aa352a62365eb39a0419e7dee5a62f337ef5117d221427ab9e805daf5d95a
SHA512

969848811873e9e2c3bb270d2e290130d5d724d563bf886251275ae0e66288ba22ee8863bd9c878f43a8c385eb12e09e991a4ed9dd26b4b6f3018df041127465
SSDEEP

24576:5CY09tZJ2e+U9lmZugWesm4+ZJGSZNbJ4MWZ9yJYsM:kzZJf7D5+zFN14Hyo

Score

10^/10

Malware Config

Targets

- Target
  
  Bunifu.UI.WinForms.dll
- Size
  
  1.3MB
- MD5
  
  7bbf428fb683748a73594b9791a39f96
- SHA1
  
  341d30a12cbbd2e8c654fb1ddc382017ac83b2c2
- SHA256
  
  a870923034e7f135a4e34a3192c39fea8bf2f8f6a82e700b547101245e5f9de9
- SHA512
  
  1770ee20d88f83cfe343800a4dbc95eff0c9c253e2f42cd4d52baac959e1c8385c1c208610b10eeb96782283010ecc36d51ecce9bb815d3ee480024936327c58
- SSDEEP
  
  12288:FGixaz9472cwOIqgDGKyB0s2nCgtXcMrtObY18mdXQPGdc/Cs7R9LVyoasofOMKs:FFGdc/r/LjedWVhHc5zmr+udY/VrJ
Score

10^/10

agenttesla discovery evasion execution keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Downloads MZ/PE file
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion execution
- Executes dropped EXE
behavioral1
- Target
  
  Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  278752062981db6fe27ba55f5099b8ae
- SHA1
  
  8446637986cf4a24e9135ee5c54f3170600e1e83
- SHA256
  
  538e6ca6001d609e251f88243409a2cbc9bc0517751843e76485a2c335e7829b
- SHA512
  
  142ff82ca90ca63a6a854e866615d742b585c102e8c4de5c773edeb1ac30c2cc2f6bcb190da394e4aadb4ef9518d194d99904463d6e952170d2924b16fcb00a5
- SSDEEP
  
  49152:PQNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckFjvkoEFB:PAhck1
Score

1^/10
behavioral2
- Target
  
  Lucky.exe
- Size
  
  73KB
- MD5
  
  bda7e3ae3b6d42fd2ae7fc727ed53cd7
- SHA1
  
  6c43aad175ab5754ea0aecede688c5ae87f946ba
- SHA256
  
  2c54752c7dfc19485fa1e2f5193de64a74d61bcc485ffa33df95bff2b5fd8285
- SHA512
  
  b9a11e2aba64bf29452010bde4035f3b3196b32da82392f60d56c76b133ca574fdfe51d0e1ba342e5678c9e403323fb292ee51523eb1637d13a1077134036722
- SSDEEP
  
  1536:xRQT4CM+vza9t1LTtlbeK2Iu3wNsS8W/1WDkB8l/qfWO:3QsDSO9fLTLbeK2ISwSHy1WDkBSgWO
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
behavioral3