agenttesla | 8363d012b83800ad66b80801e6267345d35a43ba6f1335baa5483332b36840a5 | Triage

Submit
Reports

Overview

overview

Static

static

3

doc20240627-00073.exe

windows7-x64

doc20240627-00073.exe

windows10-2004-x64

$PLUGINSDI...ge.dll

windows7-x64

1

$PLUGINSDI...ge.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

Sharing

General

Target

doc20240627-00073.img
Size

1.2MB
Sample

240627-lc2m4atfpa
MD5

8d11896bafd042c224139a325b60f723
SHA1

3e63ca70a19c869df4cfd3fa14acc51b70a0895a
SHA256

8363d012b83800ad66b80801e6267345d35a43ba6f1335baa5483332b36840a5
SHA512

8cb1563d341032bc6884cf40c2c07fb562bb86c42a23f11c2835070f8bd23e96513a0f209a99ac8086d7a18b857fb3dabc4974e33c27ef3411177c7806fca58d
SSDEEP

6144:0VGdx6xuO1TzGL7Bq0XtpZ+lsMA2Usp58ie1VvfpK70qkmXkbgn3/2tw:It1TzGLFtXtKxxEr1xg70ZEkbM3/2tw

Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

doc20240627-00073.exe

Resource

win7-20240221-en

guloader downloader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

doc20240627-00073.exe

Resource

win10v2004-20240611-en

agenttesla guloader downloader keylogger spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/BgImage.dll

Resource

win7-20240611-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/BgImage.dll

Resource

win10v2004-20240611-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral5

Sample

$PLUGINSDIR/System.dll

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

$PLUGINSDIR/System.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral7

Sample

$PLUGINSDIR/UserInfo.dll

Resource

win7-20240220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

$PLUGINSDIR/UserInfo.dll

Resource

win10v2004-20240611-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
sslout.de
Port:
587
Username:
[email protected]
Password:
dataset123
Email To:
[email protected]

Targets

- Target
  
  doc20240627-00073.bat
- Size
  
  399KB
- MD5
  
  86ab45f914a047213012a783615a54fa
- SHA1
  
  42166d9321e30e79c33583e77a0d3de67e6142f2
- SHA256
  
  bb2c0f8952c81ef515102521083091df311b71929dc075a506a93cc5d8855527
- SHA512
  
  cbb6a1ccb8c4e28c8ea22c2ad881b7ef8c243c8e6f3abd5fc818d080a6b4417fb0ac5f412d488e46865fd5fe5db64e83b70c965e28fb65df9ac03696ee240a1f
- SSDEEP
  
  6144:bVGdx6xuO1TzGL7Bq0XtpZ+lsMA2Usp58ie1VvfpK70qkmXkbgn3/2tw7:ht1TzGLFtXtKxxEr1xg70ZEkbM3/2tw7
Score

10^/10

guloader downloader agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/BgImage.dll
- Size
  
  7KB
- MD5
  
  e9f3051a79f12aed819b91f028a463c1
- SHA1
  
  d088868584cdc04d391ec27cd318034a5ce562bc
- SHA256
  
  91b8073e8e67945e14fb10963fc9101fae8c298bd4cd7080b4e47b5bdd4af85c
- SHA512
  
  eac1fb48403959dc8a5ed20d8ced83c2276c510a781191c9f850bd3a9214c10c8ae0a4d9159dc3bb08f9686bc62f25dd31cccdcc48f568cc8678012333afe894
- SSDEEP
  
  96:8eKGk1LFJaO1/radJEaYtv1Zs4lkL8y3A2EN8Cmy3uTo4j7J3kWyy/:tKhTJa2roqJyA2EN8diuTVje
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  75ed96254fbf894e42058062b4b4f0d1
- SHA1
  
  996503f1383b49021eb3427bc28d13b5bbd11977
- SHA256
  
  a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
- SHA512
  
  58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4
- SSDEEP
  
  192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  a6f622a2f12ac10bca04e23deff5cada
- SHA1
  
  abf851b5ccfb64004e9b49718a467bd754545887
- SHA256
  
  b8fa7b9393fff910144768588c471ca7c9ec98a2b8b186b2172b8ba7a5279500
- SHA512
  
  35c8b0db179104e638f1b40f3f8038a41fdc327e112de5cb0dbb97cbf1dfa276fcf6400fcb46b88cb5ba233ca769becbdb4b4d40920adca831e3c0f38193c50f
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

© 2018-2024

Terms | Privacy