agenttesla

General

Target

Document_PDF.scr
Size

1.1MB
Sample

250327-rey8msvn14
MD5

413cae37425edcce276f91625c47b2a3
SHA1

81d012baa1f6942e91e4ef572d10216449f3d031
SHA256

e6f324fbaefc81fccbdfe6fed5149208f57f433648f060aed9dad2e5e6e41914
SHA512

1aef7b5dd04a0fe7f74514ca5ba702d667c921326102c02fbeead32a49b8b95338b88f4ad3062fc44679dfc55c54c96b00078b50a7d7bca52a9289173b21bab6
SSDEEP

12288:SgvDFlHAhy4T2sEfc5hWjVWGl85ukYm27iFBKb2VlpylaU0zmcHq3lBwD7DpVs:SgvmDasqc4lJS2FOdmcHZfD0

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://176.65.142.225
Port:
21
Username:
Val
Password:
Val56@@

Targets

- Target
  
  Document_PDF.scr
- Size
  
  1.1MB
- MD5
  
  413cae37425edcce276f91625c47b2a3
- SHA1
  
  81d012baa1f6942e91e4ef572d10216449f3d031
- SHA256
  
  e6f324fbaefc81fccbdfe6fed5149208f57f433648f060aed9dad2e5e6e41914
- SHA512
  
  1aef7b5dd04a0fe7f74514ca5ba702d667c921326102c02fbeead32a49b8b95338b88f4ad3062fc44679dfc55c54c96b00078b50a7d7bca52a9289173b21bab6
- SSDEEP
  
  12288:SgvDFlHAhy4T2sEfc5hWjVWGl85ukYm27iFBKb2VlpylaU0zmcHq3lBwD7DpVs:SgvmDasqc4lJS2FOdmcHZfD0
Score

10^/10

discovery agenttesla guloader downloader keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  6e55a6e7c3fdbd244042eb15cb1ec739
- SHA1
  
  070ea80e2192abc42f358d47b276990b5fa285a9
- SHA256
  
  acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506
- SHA512
  
  2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35
- SSDEEP
  
  192:MenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBaIwL:M8+Qlt70Fj/lQRY/9VjjgL
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Butiksassistent197.Deb
- Size
  
  504KB
- MD5
  
  b8e9d1cd2eb0967765d850e80cf571c5
- SHA1
  
  4c1c35e1044254fe67b63fafa0c079d72e2997df
- SHA256
  
  81757d5fda27591219bf9dea0a438de6519ce57ff1c0dce5151e24863f5ede00
- SHA512
  
  abbebb4071a0bc1e031c04575416245551b2fb1688e4da8234fe1dd2a95b695f0e5c7afeaec07fdf883b8898ff73e1d2d1707416f1ca42a15db63ebeb309968f
- SSDEEP
  
  12288:KsvTz9oo4B2e+16BDYTyWZ5y6zDJWWPyC96iWIb:KsvKoqiUkyIDJnPx
Score

3^/10

discovery
behavioral5 behavioral6