agenttesla | 442c5e4c8e56bf5fb453fa70d9afefac6d8aad0d861db57055ad4e8bbe31535f | Triage

Sharing

General

Target

1809202407148lyz52.zip
Size

3.0MB
Sample

240918-m69q8sxbnb
MD5

066823315a2da3168f383d5402ae9238
SHA1

5ed1696d1cbc337c7db70fcba5adc24e2c520465
SHA256

442c5e4c8e56bf5fb453fa70d9afefac6d8aad0d861db57055ad4e8bbe31535f
SHA512

baa61bb47ebc367adcf2e90ac18ea2efee620c1171dcbbff64205de2130b09ce4e96cb071e7a27a60fd577d1487b29497bbc344f1a9b147d32eb7da6199c7d8f
SSDEEP

49152:cx3+Lqt0kh6xUsJf4pa6tXciCbe/3ZHqUOXwOCwdwp4yNbi/RKqYHzPpPrMU7QCs:cxu06eEgCI3zOXwOCKw6y4/8qYTxPJER

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
6RLYuUCIH8hN
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
6RLYuUCIH8hN

Targets

- Target
  
  AA Master Maritime Final Draft 92000118289301-PDF.exe
- Size
  
  24KB
- MD5
  
  dbf001709c85cb1040c86b56dd29e02a
- SHA1
  
  8d1c67f18756fc93af61c45a7ccdd88554590c4f
- SHA256
  
  5c5ce4bf348150622adb9f71ed42879c4a5ebf99c94c2be940141d28f2c8275d
- SHA512
  
  7e59d49be1d670a3b74af5a4340c7d3f041f3a690fbf9d3f35ee9111ae5e6dc56b2486dd8e044f2c88c7d439a35821fa75164e74c7d7456c3e70b78420dc409e
- SSDEEP
  
  384:ek4cgxl1oqO3ZKFy3N5AOtFP27xWkVbgWUlIx4c1WuoNDwXw0FP27NBY3Yuv+NA:ySq9FCN5vKxnVbgvqxN1z6chK/Y/+NA
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  ActionCenter.dll
- Size
  
  2.6MB
- MD5
  
  27884e7c7b1c1c5dcae66227bf45d8d0
- SHA1
  
  69f6f820a8d6978768fcd9eaa11fba8e566a6722
- SHA256
  
  68c281970b08fbe128d1f303632d46b28fb7f0e4c2db3d7f007d3864917dbf2f
- SHA512
  
  6c08793c959a2e675fdca10495168d4b0d79bbf8778749b6246461b326c4a1a881731ed8957701fefbd1c1c77bb1bafa9769eff8c1a9db1ed9b9d655c5489180
- SSDEEP
  
  24576:85Op2XP0c3C9uapvGe2oEPUPKrt1RD6h4DnLTHRoJYlCuFGmAaToNjUSZnamzRbV:FwLcuapRCUPKrt10CDnWwCuFGmWySfV
Score

1^/10
behavioral3 behavioral4
- Target
  
  attach.dll
- Size
  
  30KB
- MD5
  
  4c1d40da87bc31b1a22a734257a05808
- SHA1
  
  137c1ecc09812143f948288de01ecf5088120773
- SHA256
  
  85fd121430760c427847fec679bba52afde2383000def6a10c702dcf35b3f19e
- SHA512
  
  87c5cb2b8c2cb3263502f8df58c517d3aad092c7d1212fa1d66c376c912b75eeca9e6b8f1741e9022f393474d38a0acc271473825ae82beb3cee9218d1f431dd
- SSDEEP
  
  384:xWBwarWLBni1EYCcHw0KcLL3Tkz6fFP27xWkVbgWUlIx4cpW/FVM0FP27NBY3Yuk:xDiUBi1EIzkzUKxnVbgvqxNpyK/Y/+Ui
Score

1^/10
behavioral5 behavioral6
- Target
  
  jawt.dll
- Size
  
  22KB
- MD5
  
  aa8c5c204fc51e0e41dd7438b9ae3a60
- SHA1
  
  8a32f69e9284e692df2ac335cac89b89ff8df1ce
- SHA256
  
  4d750b41868b1559d95aab6511f22abf4b4835eeb7b45a6edaa67b18100f90bc
- SHA512
  
  aa718c9ec23d2bd9f8cf78f45b4c39eac9550cb45ac2542aa9b816a3684fee10e9a80d77cdb9dbd8f12cf2b15e2dd903c5a6ae0aa540bd70eb64768b2660a564
- SSDEEP
  
  384:OdLySe1G07FleGeISFP27xWkVbgWUlIx4cBW0W1hjB0FP27NBY3Yuv+V:Oty1h7LletKxnVbgvqxNB8hGK/Y/+V
Score

1^/10
behavioral7 behavioral8
- Target
  
  jli.dll
- Size
  
  3.7MB
- MD5
  
  ab00251a16e0b607232483e4548f4b5b
- SHA1
  
  59e921397449cdf81789159dc2567e7dd0864d1d
- SHA256
  
  594d7beb2dafb0ad54e415d09fe2421eb7fa0554685d99171fbd10dc646f4e58
- SHA512
  
  fd77e1a779efe5467bb9390488d4d22396c2a6c3b5b63de1ab9fc64907f0507996fba320956df1eebaefe04f482c9ee64d429b188d5baf308dbd117c3fbf0bbf
- SSDEEP
  
  49152:MJPwtJEdvqUcEoHd2CkhA45YQzpx9gF0l9XtVYNR5PlDyr:MOtdUo8YQpYBlD
Score

5^/10
- Suspicious use of SetThreadContext
behavioral10 behavioral9
- Target
  
  msvcp140.dll
- Size
  
  565KB
- MD5
  
  cf3c9952962640598e669f48c5c5480d
- SHA1
  
  b373762c86a3eeffe73d0434c0d2c2abd2815e70
- SHA256
  
  053ca8ee2206b4639efbcbfd068df741b6ef5b49f19c0e2afb4e63b687e4aff1
- SHA512
  
  28126446c66ede4a3d33d9345dfd7ccaaf4306fe038fb13bbafabc389339ce5bac9b862283d6464622d5cf625c313b77c201a5beda460067f87819ad06fd1753
- SSDEEP
  
  12288:67dqZ1EqSGQEwkcz6sm7UtgZ/29z7mnuMG7NaekWdgJMKZ+h7rUh0wvaQEKZm+jv:6ZNg+h7r6iQEKZm+jWodEERAc7GK
Score

1^/10
behavioral11 behavioral12
- Target
  
  ucrtbase.dll
- Size
  
  985KB
- MD5
  
  596226a2adc84678fc417de207cd9867
- SHA1
  
  6758348f540f946cd256ce9e4c778af4d9135f41
- SHA256
  
  425470634ec67646e8d6844cf49f08cb9336458bf2a1b13fa0272d22d2ead99e
- SHA512
  
  5c6a8a8da26cab88b1206ee110a511478e6f14efc0479cba651ce12f6de4d37537bac2c30368a274d3b5eabcdc69b4e0a3dbdb6a44ae0049e1110ea55393199a
- SSDEEP
  
  24576:UhEbImsFPfhQiGlA3wubyZ9dgrGOqy78p899amxvSZX0ypkuy7I1:UhgImsFPfWFlAVyBgrRV9PuV
Score

1^/10
behavioral13
- Target
  
  vcruntime140.dll
- Size
  
  107KB
- MD5
  
  146eb6b29080a212b646289808ae0818
- SHA1
  
  e5d9801f226ecd3af662df225f751ae8a8934357
- SHA256
  
  f66c606d2ee6bbca375ab4268b0c6aef5170a4ca580a00e17a56057a7a127743
- SHA512
  
  0824b42ca2539709f77134ffea9c10fc9f4c126b6a309bd5d3ddd02a660ef98d63b178219d83b173340798c479a1008c2d4f57830898673043fee2450a210a58
- SSDEEP
  
  3072:y67mylIhkoQpdK9H9YOecbKV02pKuKLK/M:7iylZoQwH93ecbKCR72/M
Score

1^/10
behavioral14 behavioral15
- Target
  
  vcruntime140_1.dll
- Size
  
  49KB
- MD5
  
  c106bef63b8db2f32de277b0c314249f
- SHA1
  
  b172b5809f95bd4f4181fe30c30368b50a27f08a
- SHA256
  
  dced523e24b4374522c86f7bbfc0ac8d8e1078336492629722081339adaad9ba
- SHA512
  
  77aab947ffec187f054c68899f2b4186a53b2901fb74ee6702586c1207a4abea238c64da0aa3ebe56695c31606b315f9a6289ca1748e9770fcfca5816e7e6580
- SSDEEP
  
  768:+Cm5yhUcwrHY/ntTxT6ovF7IVwwIl9znKxnVbgvqxNJUoK/Y/+b:lOHc16opIVwwI3znKxnKvKNJUoK/x
Score

1^/10
behavioral16 behavioral17
- Target
  
  verify.dll
- Size
  
  55KB
- MD5
  
  d5783fbcc6fc13ab5812047c66c79c87
- SHA1
  
  0862477761ea1f48540c4186dfe11774456ca62b
- SHA256
  
  31c15c5cebfea874bb8e6a3e7ac863ba19e8cfe7b908dd22e4905c5f7e76f9fd
- SHA512
  
  b7a356708c25d7e2474bfd897fd2107bfccea43d14a26f624e8775d89600f11caf4aac6dc1fcdd7d37bd9c1a8592b897276fe059911c9dd7896cac764d0b5f9f
- SSDEEP
  
  1536:4jEWuOKMq66uwtGz8ijCacKxnKvKN5I+K/i:yvDKU6uww8ijCacKuKHK/i
Score

1^/10
behavioral18 behavioral19

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19