agenttesla

General

Target

02122024_1352_Objednávka_20248481119000903.exe.iso
Size

1.5MB
Sample

241202-q6m41ssjaq
MD5

8b2f7394817f048cb466ad9046458f3a
SHA1

af12cb22f90f8ba4b84b7c8a2d691f66a800fc0f
SHA256

f65bcb980c5bf774ba123d8cdede4a455e766c0b1935f3e0c892608fdc6f19b0
SHA512

cfb17c7e64b20168b2ef7725ce287028795f32290be9428377c1e23e9cf4ba94050f7aed0113a35da9567a8841d6008e7b25f34b235012618f051446adac281d
SSDEEP

24576:pvCFfkjgVitNv7LtnP0deH7ZONDejqaBjiMD95w7:sFfkjvlnYeHqej9iMD9

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.carbognin.it
Port:
21
Username:
[email protected]
Password:
59Cif8wZUH#X

Targets

- Target
  
  Objednávka_20248481119000903.exe
- Size
  
  986KB
- MD5
  
  ffc86dfe93f81bce26a2b4d2d818b167
- SHA1
  
  0fff0a167c2be3c66e3dbc9573482b0ed77bfa48
- SHA256
  
  f10d9ea2a6e79bd7f191737a8c45e7fa3a8c72c2dc3cbe160cca365a42ffac7b
- SHA512
  
  e359da6bc5282126bb91a85d80c5ffe61d3fdf56c6eb1b580938070b8adcf8b6100cc86e94237a4d628bdb82cb8474b5e11e4749df5c5993d89bd28a856f6253
- SSDEEP
  
  24576:SvCFfkjgVitNv7LtnP0deH7ZONDejqaBjiMD95w78:1FfkjvlnYeHqej9iMD9/
Score

10^/10

agenttesla guloader discovery downloader keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  0ff2d70cfdc8095ea99ca2dabbec3cd7
- SHA1
  
  10c51496d37cecd0e8a503a5a9bb2329d9b38116
- SHA256
  
  982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b
- SHA512
  
  cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e
- SSDEEP
  
  192:eK24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlASl:u8QIl975eXqlWBrz7YLOlA
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  sprtter.com
- Size
  
  317KB
- MD5
  
  2065053f8690386adb8cd35f9064c64c
- SHA1
  
  ec62b55f8178b86c350e7b47490046f9b2fb1574
- SHA256
  
  b74077f003fe05f1147d8c96a7deffe44c07cbcfc4f35cf9f97eec69f3e1d389
- SHA512
  
  91e667b943e8e7cab1bb0441bf27170c1cea30253f2c3ea63c9ee305d262df3a7eb1ec1c115852995e6c6a6e01b3dec7b57a3418086471739a71639a7d5a0345
- SSDEEP
  
  1536:ZlQllV6CDA7MPbmnsU16bMeUyDSKeVN/ABuS:SbwMzmYT1e4d
Score

1^/10
behavioral5 behavioral6