agenttesla | cc51d534334fded9ebc813c4ffa0f7c46e97d17592b9973020075c91f2534105 | Triage

Sharing

General

Target

f2e51ba10816f4ade285479d0f951dc0_JaffaCakes118
Size

368KB
Sample

240923-xdjz8a1bkg
MD5

f2e51ba10816f4ade285479d0f951dc0
SHA1

16942c463b9700290379d165dc860281893cc5c9
SHA256

cc51d534334fded9ebc813c4ffa0f7c46e97d17592b9973020075c91f2534105
SHA512

267c5bf4fa191cd81fc09d52bb61e078920d1e51721ec2e19d722345fe9cabeaeae28e64ac6bc5497f6932c9fe9a56c82409cae076f08f99551cb9cedebd20a5
SSDEEP

6144:aPCganN6z1DKcXVnuuKe4NxS/awKUu4q1SDvWNcZyszwZ79qrN6oVUONT:ganCWCVuX/GajUuj1uvfxwZpUQwNT

Score

10^/10

agenttesla collection discovery keylogger linux spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.ozgunakkoyun.com
Port:
587
Username:
[email protected]
Password:
FXESf0kv?lB@

Targets

- Target
  
  f2e51ba10816f4ade285479d0f951dc0_JaffaCakes118
- Size
  
  368KB
- MD5
  
  f2e51ba10816f4ade285479d0f951dc0
- SHA1
  
  16942c463b9700290379d165dc860281893cc5c9
- SHA256
  
  cc51d534334fded9ebc813c4ffa0f7c46e97d17592b9973020075c91f2534105
- SHA512
  
  267c5bf4fa191cd81fc09d52bb61e078920d1e51721ec2e19d722345fe9cabeaeae28e64ac6bc5497f6932c9fe9a56c82409cae076f08f99551cb9cedebd20a5
- SSDEEP
  
  6144:aPCganN6z1DKcXVnuuKe4NxS/awKUu4q1SDvWNcZyszwZ79qrN6oVUONT:ganCWCVuX/GajUuj1uvfxwZpUQwNT
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2
- Target
  
  $APPDATA/konto-eroeffnen/constants/47.opends60.dll
- Size
  
  48B
- MD5
  
  d1aa2ed18ff6f49b3b8986eb0a48cacf
- SHA1
  
  139973b18359e17f0f34a727bbbf81fab5f75c99
- SHA256
  
  3965d0f1981b3da8dea582e371a0862100455809cef13164f9bd6dd59d44c2df
- SHA512
  
  d68cbe61358f229c1faedc310ed57c5b7dc0b325e22879a84e6036b585e4821ef2e562da4832d035a9cce8ebf8e79a2649d0f15ec212433d65979285e99992a1
Score

1^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/konto-eroeffnen/constants/MFC80JPN.dll
- Size
  
  48KB
- MD5
  
  3e9b3cadc71ab38ff8183299ef772367
- SHA1
  
  4c9a4f181c31b92af497996a5f9c28b549633f12
- SHA256
  
  d688bbc45a22814403bda7609ec1650589f5d0acb8287ad72c6e493d51441e27
- SHA512
  
  4e49cd5737213dde86e662a12df5c0feb94adc30d54d5dc9219285047526ca0e6899ee59a3027cc2572b8c79f4af97c9b8a5392b911ddb873d734537d90a6e60
- SSDEEP
  
  384:hDNCysL/tAGqyVVp7vheBWlWRUJkQbXDr10Jh8I2Bb4:hZXsZAGDN7vQtUJkkr10IIc4
Score

1^/10
behavioral5 behavioral6
- Target
  
  $APPDATA/konto-eroeffnen/constants/MicrosoftWindowsCEForms.dll
- Size
  
  19KB
- MD5
  
  d818d217b0a8055ae995e94a6caa9db3
- SHA1
  
  f8d9307e9ce7803f48a37778e935ba114a492b12
- SHA256
  
  cbba64117b44e28ba4d05f74d4b11b9770922dfaf50d46316227c5012913068d
- SHA512
  
  55b907a136563dcfbe85ef38c1599f76f6b77c7bdd9ef52d708f5fa783bb5ad1c5a01138473e835efca10abb733ae6a03532ca2ec7414e7edc4caaca95fd8b03
- SSDEEP
  
  384:IX/u/+j0QSjE1tmD6NQq36jWa7NEhN3JkWXjYWSYLCcM36mn9:Cj0rg7Q6NYYL3u6Y9
Score

1^/10
behavioral7 behavioral8
- Target
  
  $APPDATA/konto-eroeffnen/constants/makecert.exe
- Size
  
  39KB
- MD5
  
  ed1c00557cde869caa963bbf9c820f05
- SHA1
  
  53bbd8b86fcbee9316e02af399634522b12539b0
- SHA256
  
  4d50ce341be70511e9a871dd347b3f5793ea97787cdfc92045c0bcc8aae6e298
- SHA512
  
  509afc51b647a6904a3a4abf04b43dfaee5fa0878c3a822fce84dd58ce2ab1c15a38610487c520ca6f7c42ed37d754df55a82b0a81a28d31493f2535d9568405
- SSDEEP
  
  768:fqKIjHhW0CfW0FKT7vZKP1xG69D1/gEehcaLnTJ/2acSd:3RnfW0eoPPXpCnTJ/2acSd
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $APPDATA/texis/71.opends60.dll
- Size
  
  49B
- MD5
  
  47afaddd615c7585bcaa3998841c07f1
- SHA1
  
  a90d4d3796b98e84ebaae1e5525c73760b6d8cde
- SHA256
  
  e8292fb07ef7ba6c6cbf970494d14baa6107cd84a8f8a421f16c77e423e0f531
- SHA512
  
  05b52ec788b1f996ff9fda517737ba2059ac520234558eb54f0a73668001f87eebacb709c2bd5010c2dfb006d4bf98e178141fd986f8a919ba286ca2a8f720eb
Score

1^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  0063d48afe5a0cdc02833145667b6641
- SHA1
  
  e7eb614805d183ecb1127c62decb1a6be1b4f7a8
- SHA256
  
  ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7
- SHA512
  
  71cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0
- SSDEEP
  
  192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  6e64e5d5f9498058a300b26b8741d9d5
- SHA1
  
  837ce28e5e02788da63a7f1d8f20207d2b0bf523
- SHA256
  
  8d4b1c275fd1cd0782a265080b56d1aec8d1c93edca5ef3b050d1d20d7b61f33
- SHA512
  
  f53514d36021d79f85df2494d403f03589b3ad848889b9224f962cc932ef740f127131a914c7171ad8136ca1ef631285ea1c80576db18ccf8ea56940eb00ea1e
- SSDEEP
  
  96:oWW4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4P8qndYv0PLE:oWp3ggQF8REskpx8dO0PLE
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $TEMP/Holotype.dll
- Size
  
  41KB
- MD5
  
  4b02b0b9a0cc891ff025510c605f08bd
- SHA1
  
  42c00ef177b2b4900eb982096c31c55ea636abe9
- SHA256
  
  383d775daef2b8cb6c5d055851ca23b1328d3a75edc01d0801ae72f429b667df
- SHA512
  
  a77ee6c2ef97f2898a4d3007c03a6856d98581251e6160bddd3d5f86ed433a06c5d2edba378abad5a664478b803ac1dd3161de0c74e1f4eacfb8718a08b8843c
- SSDEEP
  
  768:zSIY+guIUaTVNRhwUmnTEDm3vyU12wftb:HYnlhNv+4U1rfZ
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan collection
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Accesses Microsoft Outlook profiles
  collection
behavioral17 behavioral18
- Target
  
  $TEMP/public_ftp/42.opends60.dll
- Size
  
  54B
- MD5
  
  4fd523513269bfc51954110c8317ef1c
- SHA1
  
  e270f7b387c49491722ceda7e5fdf77caaba9556
- SHA256
  
  97e327f5e11afd404d9f48b6aeab7353ec91daea8a592945f5f32faf82232203
- SHA512
  
  0f0a4515db50d0174904b5e4fbe5f42a871eaf5a88576b3fe53f6f05fe0ffd0b32488e2bf4bc2e7fbb5d76f808e616af3a41339202e0566c0ef8cefc51c48756
Score

1^/10
behavioral19 behavioral20
- Target
  
  $TEMP/public_ftp/47.opends60.dll
- Size
  
  48B
- MD5
  
  d1aa2ed18ff6f49b3b8986eb0a48cacf
- SHA1
  
  139973b18359e17f0f34a727bbbf81fab5f75c99
- SHA256
  
  3965d0f1981b3da8dea582e371a0862100455809cef13164f9bd6dd59d44c2df
- SHA512
  
  d68cbe61358f229c1faedc310ed57c5b7dc0b325e22879a84e6036b585e4821ef2e562da4832d035a9cce8ebf8e79a2649d0f15ec212433d65979285e99992a1
Score

1^/10
behavioral21 behavioral22
- Target
  
  $TEMP/public_ftp/MicrosoftVisualJUpgradeEngineInterface.dll
- Size
  
  7KB
- MD5
  
  20712da756917c247c0b6b00bb323a92
- SHA1
  
  3839d561e4f98f90d1d6927f18da38c52c29487a
- SHA256
  
  afae09aa5b7e708b885ad2a54d13db86a7a53b0c1b5b5490e7055ad859f5cc30
- SHA512
  
  442e0f6bf9c7857ed74a840c5d12ceffd362e106fafabeb3a6d1db55f82c8ad2cb188c4a97ae1dcbd1c17d8fa0950636c2b3aaa8226bb44eedf4384c2eded9bd
- SSDEEP
  
  96:B1ylB3oTgvhx6h2s6CX67RHY8O3mw1NRg2V2Ey2+E/M5dgiL3QN18xv+OKf3zzDn:Ng5whoCgHSVuKi68xWWLbNKOWN
Score

1^/10
behavioral23 behavioral24
- Target
  
  $TEMP/public_ftp/VB7TLDUI.dll
- Size
  
  15KB
- MD5
  
  0e492f70d49ed66ff7471d87c59f3489
- SHA1
  
  b35d34c232903f4ff0aa8de5082d1bccdd78cf67
- SHA256
  
  c94c8a2709401aad4a1e59ef412db3c12aff855b85fcdfe635e70b0ea2420aa1
- SHA512
  
  1f796a2c1360a41a7558b57043c09b2ebeef5fdeaab71cc53af0d28d9b467f43d5a6aee9b4adb0f17adee5f1d4458dbe9e374815fe434f8e8c278fe829a909d6
- SSDEEP
  
  192:laUmA3jzxOnLkv6N3Xz6vrkonZCwnRDcWWqf7L/CldolMvMjGwPgMvws+ebMNOk9:AncYD6LIwnVcWjTLCcY+wCbsOc9j
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $TEMP/public_ftp/VSMigrateUI.dll
- Size
  
  15KB
- MD5
  
  8a5d7b38d9bdd2d1c69a0e93147406fc
- SHA1
  
  543d2409257eeba9387bc281f100adf5dbc77966
- SHA256
  
  6a0062f006f1eb13c641a841b7dabf7dbdc810f946bffd9282f72141a72d3bd3
- SHA512
  
  e3b3dcb12986995cb943a449ae80acf48ba6abe7e35673337595f919f9bc821313d35c4708657461c152cf36b1aa29c9ee32b7c9b8332da9b90b4ed2297e9150
- SSDEEP
  
  192:lZxn3fUnucJHN3Xz6vrk9l4cWLAwYWep+/WWqfkIL/CldolMvMjGwPgMvws+ebMg:xP6D6ml4cWLAwNes/WjbLCcY+wCbsOF
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $TEMP/public_ftp/gzexe
- Size
  
  5KB
- MD5
  
  5707c43e99bd5ae2c4660ec1bcc213c1
- SHA1
  
  c6247c24928bebbd3a6b74cf499e153f5673e590
- SHA256
  
  6de8254cfd49543097ae946c303602ffd5899b2c88ec27cfcd86d786f95a1e92
- SHA512
  
  e7b1fe76b6c901531dec4369a7086eaf1e49a23cfef4d761e6b65fd4c505584f28b1d7f26089f14b963c997ac85dd6c310af0e01e0c51783481eb309a5aa08be
- SSDEEP
  
  96:KFM9R/fxEoPzmAdCbu3mQTfE9u550zbZC7A+yR+X67/cDbffJD6xP85BYk:GM9R/fWo7mAdCMmOuq0z1Cc+yR+X6zcz
Score

1^/10
behavioral29 behavioral30 behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

collectiondiscovery

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral18

collectiondiscovery

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32