agenttesla | 537ac001bfa8a1b6f2c7faab2e602493bae7472095af0aa616ddc5891f1d8145 | Triage

Submit
Reports

Overview

overview

Static

static

MT_08312_167027.exe

windows7-x64

MT_08312_167027.exe

windows10-2004-x64

Sharing

General

Target

MT_08312_167027.exe
Size

130KB
Sample

240624-nlj6hszbpe
MD5

8a82bc638ef7460d3d34eeb197826cb6
SHA1

94b8829259e596f14b6d734701203ece0e0b0cfe
SHA256

537ac001bfa8a1b6f2c7faab2e602493bae7472095af0aa616ddc5891f1d8145
SHA512

a005df3f4cc5ab148278fa46c48161c00bf40625d5416476cd512c8d7fb416b02a56a4bc9b7f82a7f434a8c61ee56676173abe66d6e4971bdbb32628b8b7edb8
SSDEEP

1536:xkzyh9vFEzeAJgZgqA/bnKGU6Lk8u2qHlllllllOdQlwEn+glllllllllllllllB:QynvCeugyqAznKEtYwiVxw5lM

Score

10^/10

agenttesla purelogstealer keylogger persistence spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

MT_08312_167027.exe

Resource

win7-20240221-en

agenttesla purelogstealer keylogger persistence spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

MT_08312_167027.exe

Resource

win10v2004-20240508-en

purelogstealer stealer

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
ABwuRZS5Mjh5
Email To:
[email protected]

Targets

- Target
  
  MT_08312_167027.exe
- Size
  
  130KB
- MD5
  
  8a82bc638ef7460d3d34eeb197826cb6
- SHA1
  
  94b8829259e596f14b6d734701203ece0e0b0cfe
- SHA256
  
  537ac001bfa8a1b6f2c7faab2e602493bae7472095af0aa616ddc5891f1d8145
- SHA512
  
  a005df3f4cc5ab148278fa46c48161c00bf40625d5416476cd512c8d7fb416b02a56a4bc9b7f82a7f434a8c61ee56676173abe66d6e4971bdbb32628b8b7edb8
- SSDEEP
  
  1536:xkzyh9vFEzeAJgZgqA/bnKGU6Lk8u2qHlllllllOdQlwEn+glllllllllllllllB:QynvCeugyqAznKEtYwiVxw5lM
Score

10^/10

agenttesla purelogstealer keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslapurelogstealerkeyloggerpersistencespywarestealertrojan

behavioral2

purelogstealerstealer

© 2018-2024

Terms | Privacy