agenttesla | 2693c1048a5575cbb920552530ee1f8ff2599099dc079888e63f39aadb884382 | Triage

Sharing

General

Target

f97f261075ab2aa2bffa7e55db878dd9_JaffaCakes118
Size

341KB
Sample

240927-ca85qayhpj
MD5

f97f261075ab2aa2bffa7e55db878dd9
SHA1

09dbd7df952f5f3ab1b6ee6e4198a9458266d7a2
SHA256

2693c1048a5575cbb920552530ee1f8ff2599099dc079888e63f39aadb884382
SHA512

fd5ba2b8fb1782103f0a37e915fbb3fd7f860f814e9da29df9a7baceaeae78f83fa731ed8db5da098c705c4a9c020d6ced52a833f967ad49c93a08fe4072a9b3
SSDEEP

6144:JPCganNi8Kyg7TP3r3RpUDbzYsxf00vhau4TagGr2nBPsZ5m4sVKozq1WiLXb3:HanE85g3Pb3rsA0JaOgtZOOKzwiLXD

Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.nusatek.com
Port:
587
Username:
[email protected]
Password:
nusatek187753d
Email To:
[email protected]

Targets

- Target
  
  f97f261075ab2aa2bffa7e55db878dd9_JaffaCakes118
- Size
  
  341KB
- MD5
  
  f97f261075ab2aa2bffa7e55db878dd9
- SHA1
  
  09dbd7df952f5f3ab1b6ee6e4198a9458266d7a2
- SHA256
  
  2693c1048a5575cbb920552530ee1f8ff2599099dc079888e63f39aadb884382
- SHA512
  
  fd5ba2b8fb1782103f0a37e915fbb3fd7f860f814e9da29df9a7baceaeae78f83fa731ed8db5da098c705c4a9c020d6ced52a833f967ad49c93a08fe4072a9b3
- SSDEEP
  
  6144:JPCganNi8Kyg7TP3r3RpUDbzYsxf00vhau4TagGr2nBPsZ5m4sVKozq1WiLXb3:HanE85g3Pb3rsA0JaOgtZOOKzwiLXD
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2
- Target
  
  $APPDATA/scriptlibrary/39.opends60.dll
- Size
  
  46B
- MD5
  
  d7cdf6f5f061d313ef2aabdd84fa89c0
- SHA1
  
  9bf71a5803e670b4811416d2d412dc965164583e
- SHA256
  
  ec5c0007401f1caa74892f1937494453139a00191cdbc6b5db6b26cc9fd651d1
- SHA512
  
  274357e0265d3f5707c977f99be19a83e9b044faf481a7f3075c0da25b08e586ea17813c21b397a934deecf2f757cbb48a461fcb84cde9f1f511c5d5a21478ff
Score

1^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/scriptlibrary/MCppCodeDomProvider.dll
- Size
  
  48KB
- MD5
  
  dea1dfbd72e2534ed39c737bfbfcd82d
- SHA1
  
  72ea9b3a4017d0c37d0f5b20e02008ffbc88b79d
- SHA256
  
  d828cda4a89557b24cc2a492cb3f6b09ec69c3ea00d36f5024b58942db9d76ea
- SHA512
  
  254c575fa45b90d58111336600b1df25b33ac246c75b4edf4abc7500e118a66a78a26871af046bcb080fc31e82181a4599e8ff4761cf560fdec7c1c7649ebe16
- SSDEEP
  
  768:ejSqkAVXYRXpXfkPcPMdFwBKmq5aYFRJevf:BqkAKfkkPMdmBKm2aygn
Score

1^/10
behavioral5 behavioral6
- Target
  
  $APPDATA/scriptlibrary/autolaytui.dll
- Size
  
  6KB
- MD5
  
  1afcdd3beb62da7b5b695fc0666d26ec
- SHA1
  
  271c9c73e25b66fac894ad77af57a12b4fb80602
- SHA256
  
  c9b43f966e47ce35d13d0d78af049a2382b3c0a58f4e44306123e805f9d0df83
- SHA512
  
  d11c904ca069a27f12c2908b1625171fa583f9ed17c1efccd52aaed1c8591fb2377137915c56d09e331071c6a79c98f8f6baceab1dc97fa0f96c5f6360be812a
- SSDEEP
  
  96:9gTwNo4ON4YwU7ftsj0Y8nA5K49EWbkzQWPVnPV:9gGBIZUmWgzQWNd
Score

1^/10
behavioral7 behavioral8
- Target
  
  $APPDATA/stow/gutils.dll
- Size
  
  41KB
- MD5
  
  657d1d110e247fec5b6653f69c562e9a
- SHA1
  
  ab92a9a74c55c5e5d05f1f3dde518371dda76548
- SHA256
  
  9a77a59e040e99459d1ab2be8c5721b0c61aa608abb81c24e7b355f1c2f49176
- SHA512
  
  1faaa0140ed68a335e9c6067767dd8514c635e5a222e611c52e2fa1fd66d39263f4a928bf71843b8bc0a0355ca008408af5f9cf67e82e96c139ce291871074a4
- SSDEEP
  
  768:qlcsy/f7ZAVLfhvKsUNfK74vGHpXwIxYD7LCKD0k7u1WZ7gxU9:ay/TZULfhyHE744wIxy10kSO7H9
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $APPDATA/with/count/ConmanClient2.exe
- Size
  
  48KB
- MD5
  
  91dc7b85d80a43fd42a0ce82e077f8b8
- SHA1
  
  a1c00dc46465141a48f180c9dfc49e9af925e248
- SHA256
  
  42a36dab0912246c14d677b5baa3cd0e384acf645fc51db39aac04f2ab1bb760
- SHA512
  
  73f73d73b9b370cbaa606b5b4fc16bdee9780a4afa773aed6aa1a368ad4681493c9b83e8bdc69b4a01f311f171d1e5b3545ac7bfd3577d434668023c08539dfc
- SSDEEP
  
  768:1K9IyEL30E1DYXw0kYCmp0K4ZJg0cDDzssseYp24/JFcZ1GgAsEr:XFHYF6K4ZJg0aXssJYpDhFcZ1KsEr
Score

1^/10
behavioral11 behavioral12
- Target
  
  $APPDATA/with/count/MicrosoftWindowsCEForms.dll
- Size
  
  19KB
- MD5
  
  d818d217b0a8055ae995e94a6caa9db3
- SHA1
  
  f8d9307e9ce7803f48a37778e935ba114a492b12
- SHA256
  
  cbba64117b44e28ba4d05f74d4b11b9770922dfaf50d46316227c5012913068d
- SHA512
  
  55b907a136563dcfbe85ef38c1599f76f6b77c7bdd9ef52d708f5fa783bb5ad1c5a01138473e835efca10abb733ae6a03532ca2ec7414e7edc4caaca95fd8b03
- SSDEEP
  
  384:IX/u/+j0QSjE1tmD6NQq36jWa7NEhN3JkWXjYWSYLCcM36mn9:Cj0rg7Q6NYYL3u6Y9
Score

1^/10
behavioral13 behavioral14
- Target
  
  $TEMP/TenrecSaggar.dll
- Size
  
  43KB
- MD5
  
  edb845779d91dcc37810eec0f029dfd3
- SHA1
  
  8ed5905bf015d0f7508b2af8b6be79a368aceada
- SHA256
  
  785275c1afb2a166f159c391a21afe5d82c30cc479a7837c28abb89adff67b87
- SHA512
  
  829b227037b4e3be5811b396ebaf7dbffb1ada24d955025d96f81a61d774c400b6c3997133f72cb1a601a7de60033baef344333bc8cd8749628eac4d206f2016
- SSDEEP
  
  768:JT0LUpldyjKuOexoIhIOGnTEDVBP3vydFd1sbUKV:JSCyhSgY4BidFiV
Score

10^/10

agenttesla collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral15 behavioral16
- Target
  
  $TEMP/crm/IEExecRemote.dll
- Size
  
  8KB
- MD5
  
  0d5fe1c95afe423b214f13e856d0f1a5
- SHA1
  
  539727bee5ba21bbf8591a4927807a7a42d9161d
- SHA256
  
  46862e0cd12555ac96a76ce1ffca06d6ef250b709e09e5c8441793d4c04e5a38
- SHA512
  
  d578184f1f37bca0cbbd893984b1159c4d541b290f7a1339759b9cd870f450edda76807e853fc6bd8da91d6186dd07ad05012218cfcb910cdae07f4180e442ba
- SSDEEP
  
  192:azEJySPTVhqQwRGC19x4VIJI13WyNNtrW/:NJySBk9RfNxJI13WyvtrW
Score

1^/10
behavioral17 behavioral18
- Target
  
  $TEMP/crm/StoreAdm.exe
- Size
  
  19KB
- MD5
  
  a9c6d50aed840dc5ecb9456efb6c4205
- SHA1
  
  b85b0392743c4f0d9f94a872247a7556770757dd
- SHA256
  
  fc764006b963e0c0a0e15cdc273a4491bca5e5fb2045bbbd3c79538bc0bb695f
- SHA512
  
  ed9d46486358ef3cd637317a5a107b89ce42556c91fe07e27e37386f8b13c7ef0a80798436fb63175cd00d02635ac894fa16ba99e5faf9cd34757f3d5f712da8
- SSDEEP
  
  384:5rZgYkNCU+htQdugbMHFu+Eg6ihJSxUCR1rgCPKabK2t0X5P7DZ+kgpWDa9rW:5rZgYkNCU+hMuQMH45FRJCg1
Score

1^/10
behavioral19 behavioral20
- Target
  
  $TEMP/redesign/pbo/ProjWizUI.dll
- Size
  
  3KB
- MD5
  
  311aa10ab1c6fe05e80463232e10efa0
- SHA1
  
  19ca5bb1a25514fb7d93aabb7fe7af88ea4961d0
- SHA256
  
  9ea6362959d9aaf043928ff088084998b13ccc7eb06b9c650b5dd2cc0a2a5bd2
- SHA512
  
  1ac12b778fb851cc38fda1754fd4ca3f073641614042035d1c8f8ceffd9adeeb7c4faf588beb9d3b1faa1f6782f2564435d8360655343f131b6f2bbe4171e1de
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral16

agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22