agenttesla | b52ffd3f22e5be9aa787b97534dfb5fe3de41d52c350691c43082c26f2838d00 | Triage

Sharing

General

Target

EXA.rar
Size

819KB
Sample

240914-2mjg9s1dna
MD5

b794cb398c8bbf3f60c485b1b29cb9ac
SHA1

ae37ec845e1ab54361375edeca02fc091903a709
SHA256

b52ffd3f22e5be9aa787b97534dfb5fe3de41d52c350691c43082c26f2838d00
SHA512

0d6acb64f3af9942d4d4c365dcf7a95d68d42bffded9ee654459a753f3c98a5bb333666bd18e9e2066ecc50761c44254671e1f71c21fd44e062a774c3e5d6c5a
SSDEEP

24576:W/rPbdKaSzVZXBLXuwaUA+WTcp21xI+W3xvF3MiUae:WD5KtlbYcpGu7F3M15

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  EXA/.reloc
- Size
  
  12B
- MD5
  
  1da4e317f7e505d237fb84ac000cd339
- SHA1
  
  2829ec054243f74e95b025d00f7f3b8cd35fa2c5
- SHA256
  
  e429593bd668cc36bf312e77cc4efaf63233e632d9c7e4ea3b928500a551b1e7
- SHA512
  
  6b721496efb52bf32a33db14dac5ee01e0b04e3b85a1aee693c872d007f1b803d353a40234a3470e69d2dda4de1c39d065ab451afff6af8cdc976e16f4e1efc8
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  EXA/.rsrc/GROUP_ICON/32512
- Size
  
  20B
- MD5
  
  6da8e7d5ae1d5d15e0230a67a7c16c6d
- SHA1
  
  678db52cbe5d617c33c6269bfd4b6d8d1a17f956
- SHA256
  
  6eb54801f91b6d8effccbfaefe6b2d7705a274a75940e6226e24e0d4ec58c396
- SHA512
  
  a41f5e70082da47535ef2bea0c9dfe994905db538e74c54a74ce713533b67689d2835057421298f9fdb0f2ca6eaa03a2dddb0b049e800fd57a7dd0b0eca41135
Score

1^/10
behavioral3 behavioral4
- Target
  
  EXA/.rsrc/ICON/1.ico
- Size
  
  9KB
- MD5
  
  e81b3ac9025f10c58bb12d10c14f9453
- SHA1
  
  75945dc5509ad497bd3df1a43590c416550bdddd
- SHA256
  
  625e387f75c2c95b9ab750adb066e94a1fa500395b6cfb8b03d08db6b957889a
- SHA512
  
  3e6050b80b5b4da8af84d5fefea4c2e9be668e9fba2548088e322608074bbd7dc57bd2e74b61ee260ac19ca10b3af47c69102064ac8dec081bc1a864fc7ef759
- SSDEEP
  
  96:MFj3WaQXwCB+DGHRljSvD+aI8fJDQwDtSMqrct3oaZH:XARyxljS7+aIwJRD0M5t3oiH
Score

3^/10
behavioral5 behavioral6
- Target
  
  EXA/.rsrc/MANIFEST/1
- Size
  
  490B
- MD5
  
  b7db84991f23a680df8e95af8946f9c9
- SHA1
  
  cac699787884fb993ced8d7dc47b7c522c7bc734
- SHA256
  
  539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
- SHA512
  
  d4a78daf4ae93952197208752d801390ce39a519e7f5aa1360c42fc563ec0e221625b1bfec2a9564fd3dcd14c18b74d5d9fa6e57c2bced40c1f32c6814b4c523
Score

1^/10
behavioral7 behavioral8
- Target
  
  EXA/.rsrc/version.txt
- Size
  
  1KB
- MD5
  
  3d5351c601e0e86407dd469ee1dcf957
- SHA1
  
  82cdd9d2a3520b05644fdceef1d7ad6c4ad51399
- SHA256
  
  4a2dba4260b1d963e5a8f8f931f820c41f4909d2816742e64548b04ecafad84f
- SHA512
  
  519fc76c50d0a8362ce04ba1f1631bfa3ba46a7e23f4753a73d9d5dc4d5e97f4faa57fc6f222b838d078d56a6afd53a5db125e097e4f7f402a906c0246911941
Score

1^/10
behavioral10 behavioral9
- Target
  
  EXA/.text
- Size
  
  51KB
- MD5
  
  86cb84faaaa50cd57b4c784f5e50ee35
- SHA1
  
  b6e0bc563f1aac207ccd383de1bcb8cf40ac075f
- SHA256
  
  3bf4b9b8979c4fbc37ba4bfe73485df0f5519e4f8394e2c11484031e9af2284b
- SHA512
  
  715bbe9a94c1491e34f55236c0187043d4527fe652f2688fff99c86795547ffdf7d291ace1d77ebb57f221c43d1d2ac1fbc8f9bde997e88024cf1a1b2c9d2043
- SSDEEP
  
  768:ZrTPMgXlT1B9WZlGc0T19HEIqpHwnmWXAFMvIe/FUjCySQw35t4i9mHK3moNeKh/:ZvPvls2TPEld7qIe/iaQwJOi0GmNKh5l
Score

3^/10
behavioral11 behavioral12
- Target
  
  EXA/Creative EAX Settings.exe.config
- Size
  
  189B
- MD5
  
  9dbad5517b46f41dbb0d8780b20ab87e
- SHA1
  
  ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e
- SHA256
  
  47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf
- SHA512
  
  43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  EXA/Creative EAX Settings.pdb
- Size
  
  31KB
- MD5
  
  10e8b39a45e6ac2c9976ef769e1f4266
- SHA1
  
  1ecf9f4ccc23ad8b2b3f9ba38aa07b94dffbb0b1
- SHA256
  
  ba70b1c1de48b6d474783e8a493ccb5b77d4e31a184f4fe23a00d25ecb0d1600
- SHA512
  
  f05847f2c50efff0208130d6dc60cca7bbea5e62e828f1e4abe0226f30294b04fbc82e88b97a16bb51733d65d0c75dec64481ac5c308bfbafe3d719fe6b07581
- SSDEEP
  
  384:aLSuXEduXAj2mTn4rECba3b2NLguz7j2uTTjBf:a+uXEduXAj2mT+dj2uT
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  EXA/EAX Console.exe
- Size
  
  64KB
- MD5
  
  f6f079a2d265f5b5db3f5b80b1b0ca2d
- SHA1
  
  4124af9c2a1e96af3a652c521bb3cb8137d71614
- SHA256
  
  846d613708c1455f40fd93345aec0e05f344c586e7bc150850c46f65c4b26d79
- SHA512
  
  f159959a62b9151a93f9d5fe2e226416404217560299a746dcbdb2c39c6cc94e01e74ad72cf14e6246e211fa2e7fd1d1233cad149b067af086fe167e23167b85
- SSDEEP
  
  1536:XvPvls2TPEld7qIe/iaQwJOi0GmNKh56aQwJOiw:XvPvZT873O/Qr5rKh9QrF
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
behavioral17 behavioral18
- Target
  
  EXA/EAX Console.pdb
- Size
  
  33KB
- MD5
  
  728ea8903ad8229cb1d9f1e462f4fd11
- SHA1
  
  20f4588cb7c00ee235c3c14a36742e5b782a3b47
- SHA256
  
  99c4ce175fcbe1277977b36a6ea0a7ecf9a62d22722f4ad2530a3cc29ace5102
- SHA512
  
  f0b52171900ca7c27c99e889ab2f786d552d380a3377a5e07d83e4a4e494bd08f2bd3afdb98b1e312eb1f62371fad56bfbfd6324cff17162e946b96693a943a9
- SSDEEP
  
  384:aierWderuX29TI146ECblbB/Q0kX2YTIZrRx:aierWderuX29TInoX2YTIL
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  EXA/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c3291bc3a34eb26cf50ee2e19160f99f
- SHA1
  
  87dbe564d84302fc9d7a5812827a588edc0fecb6
- SHA256
  
  7be259b403614c31b75312e938da3c6567b8f4f86d7e72ee4676b9ec9662e5f8
- SHA512
  
  58581e398699900ede25ca54f067ffe5b42b364b87b1e1beae073d9d5703f4fd85e4e4b298a8b8831b1eb2c96936cff738cb0520c9e70451ff62b132fe47ec17
- SSDEEP
  
  24576:MrAtMBDzyFA717LhmvuICCrTfgDl54XhmIEHmPwMnZ4P6FdHQ/jz+mA:MrxBDzyslHUnM6FmA
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral18

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral19

behavioral20

behavioral21

behavioral22