agenttesla | e6e6c8b2f2d2eef2b954c2271dc863eb8abe44bb14269f73c35809084c6e7b70 | Triage

Resubmissions

13-12-2024 02:03

241213-cgw4qsvme1 10

Sharing

General

Target

QFAdminUtil.zip
Size

3.0MB
Sample

241213-cgw4qsvme1
MD5

0982cf4f42d9c0b9cad7ada6005e0857
SHA1

daa2d0eb1f414eed9ff90495daad953b84c72adb
SHA256

e6e6c8b2f2d2eef2b954c2271dc863eb8abe44bb14269f73c35809084c6e7b70
SHA512

176db1578104d20cbfb414f4363a7e48866c19947538d6754a707204c5ff98c274a65db32496ff7f3ae7b4a848edd9e69d8cf643457572cdbf9efe4f34ae3bf3
SSDEEP

98304:QaOq6bsrKWTmpu4T7AB3DKxzMxe+FsQ39ua:QHqqMcg4T7AB2xzMppD

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.pgsu.co.id
Port:
587
Username:
[email protected]
Password:
Vecls16@Vezs
Email To:
[email protected]

Targets

- Target
  
  QDecrypt.com
- Size
  
  952KB
- MD5
  
  be6086b33699a2c56233cd55c36ecfca
- SHA1
  
  bc9ae30e3fc72d3a40c864095cbeb4c55b51ccdf
- SHA256
  
  fec18f885bc9b84835873b54705efa4e92b47fe50e9c9a8b0ff935f1d173758d
- SHA512
  
  f64d44dd3048d74a62b627e72a569d8d72a84a0696eb55d09d49d0d1fe77e68a59e44dcef3ce7b94f83043b0302b52d81c4489b81550d429d1ca58c595180562
- SSDEEP
  
  24576:grGha+IYGXRz8vgobejS932cUSUsjs6666666l:KGEhX9obH932cUSUsjT
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Executes dropped EXE
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  QDecrypt.exe
- Size
  
  2.7MB
- MD5
  
  c694c93801796870df895aaa4f07722b
- SHA1
  
  ecf845c3833a0c36ef3d8309d2cddaf25198070a
- SHA256
  
  6a7c5676594dfc44bb5c2d3363cc4006ae57a2ac16cad6cd088aba96434a52ab
- SHA512
  
  c6f2cc9b61c8eee80ad1634171a000d766dcf809d5924be568437e05d571b6bc02d680cdf8316dcd6f395809ae284f0f437a88392beab168d3a42f72d925ba96
- SSDEEP
  
  49152:dnYi6rOCgUUCz5i1+yRbVqdjNCm9X9RcUKUsjVLdcmkTwbx:x17uMxM9XSzx
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  QF-mx1.kominfo.go.id-CF31543D9DD2.01
- Size
  
  575KB
- MD5
  
  c34bfd636a75194781de91c0258fdabb
- SHA1
  
  75b3fc235e19dc13d79c557e1969fda2fce978b7
- SHA256
  
  b1890d378ed55550f8e77ec19adb6862127cf0525303338e0ed7bfb13eb54ade
- SHA512
  
  d056d5c9660c155ead6ed63edaca8b01bbee297c136e763fa62d7202277b8626b2de2a85bd9dd2efea6618b52edc74f9520eabc9dd6abb86d54c0ba282defc69
- SSDEEP
  
  12288:FNrBnXcR3paI3PcKZ84ul/DogY4K9kpCor9cWeZHlyRPgu:FNtsR3paIfcKZ8911PUQCoBSZG
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  vsapi32.dll
- Size
  
  1.7MB
- MD5
  
  144b85f2e6937ef8e0375e851cc66805
- SHA1
  
  81008024956c4edb1f1eaeff2bcad8a89073d2fc
- SHA256
  
  7898fc65bfb0f93eb2a5134dae8b8efdeb279d07278d53176b8d22812ba8ea6a
- SHA512
  
  f21893449d3d7cde8e87f937f9b89949ef4ba3c743dbb48c1b0f75097111a5aec5658c1ea23ebea0c02b19b3d22930f4f8ec55f86757c78bef4a3ae7d95d24e1
- SSDEEP
  
  24576:/Fpw/1LTM9gc7uapTcLprrneZyOEkh611hO0BdGlF09Ha67SzivsLsTH9O2ZZc+9:ksic7IfeZyTPBAl+0hLsTL4JclAc
Score

3^/10

discovery
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8