agenttesla | d3ca102b990985518abf51ba8d71af250d10d9a017cfda853bbd71eafec3de0a

Resubmissions

29-06-2024 23:42

240629-3p2x3ashqp 10

Sharing

Copy URL

Twitter E-mail

General

Target

Built.rar
Size

1.4MB
Sample

240629-3p2x3ashqp
MD5

a2325b5dc491b035d57092c0fa31a608
SHA1

d8979481d98036dc930085610aebf78ec7d13934
SHA256

d3ca102b990985518abf51ba8d71af250d10d9a017cfda853bbd71eafec3de0a
SHA512

e60160e217d2b819cc2dd785d290f00c8cff0653da69fd97a07a814eee01e51c96f8520cf839461fb8e09647e5b290c451ad58576719b37bd91a23f1eb3b4929
SSDEEP

24576:de6//cCUVuWxOKqeK8QieMm+0chebtEmmxg5EzyPiBWccTkd7+Cbn94YjU:d//ECCuaOK28QieMm/cMxEmwyqBIayC2

Score

10^/10

agenttesla

Malware Config

Targets

- Target
  
  Built.rar
- Size
  
  1.4MB
- MD5
  
  a2325b5dc491b035d57092c0fa31a608
- SHA1
  
  d8979481d98036dc930085610aebf78ec7d13934
- SHA256
  
  d3ca102b990985518abf51ba8d71af250d10d9a017cfda853bbd71eafec3de0a
- SHA512
  
  e60160e217d2b819cc2dd785d290f00c8cff0653da69fd97a07a814eee01e51c96f8520cf839461fb8e09647e5b290c451ad58576719b37bd91a23f1eb3b4929
- SSDEEP
  
  24576:de6//cCUVuWxOKqeK8QieMm+0chebtEmmxg5EzyPiBWccTkd7+Cbn94YjU:d//ECCuaOK28QieMm/cMxEmwyqBIayC2
Score

3^/10
behavioral1 behavioral2
- Target
  
  Built/DoxTool By R_0.exe
- Size
  
  139KB
- MD5
  
  ecd2504705b05177b06b057f96269a24
- SHA1
  
  d86b77a50f37142af0ceb6f16c23969321f8d66d
- SHA256
  
  fad5dc0019728db228b33596164fc5eff1051eb529b6d73fcfdba0760d4e214c
- SHA512
  
  d91c811b8df3c5967e5ea7a96195de81a17685c777daee5c01b891d721ed3b089b3323b09689031bf45ba5cb1498feedccd43c506e5780528e3bac1a4c7abefc
- SSDEEP
  
  3072:PiS4omp03WQthI/9S3BZi08iRQ1G78IVn2ebSkcJv8ltY:PiS4ompB9S3BZi0a1G78IVhcNct
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  Built/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  b429ae86c5be521bc8ca3b164cec3acb
- SHA1
  
  387560073ff5a1f2191abc6f75fc34532bbb6dd2
- SHA256
  
  3ac70532408b89159bfe235d4ed228faa03ae3fbd63ec6a82d895f287a3b0579
- SHA512
  
  eae65de53da50708983ed8ebf9e1e3dd5f9aea95a354d272e199bb59517f62bfe35f0df7a37d81ab0423d0d6d29304fa70284c731bd54023e446b2c19bacafb1
- SSDEEP
  
  24576:DgWuftU4WrNOA6sM6kXxMfNmnjk/c5NrH0UUoo2QkJXVSItH5ppoO0KzJ6nFwHQL:DA+NOpXm1mnj0cP+DkhMAiawnFV
Score

1^/10
behavioral5 behavioral6
- Target
  
  Built/HtmlAgilityPack.dll
- Size
  
  161KB
- MD5
  
  2076af7ba65ad5c78ed01da2b62b668b
- SHA1
  
  79e99ccb91cd1bac2e7f1473fb28bae1a993fde2
- SHA256
  
  d9a13e2b8b53fa9f2f7f8d8fda032e8b0435734d62c578ab0d5c94cab3280e20
- SHA512
  
  e30da6ec1e13f5ff9189a623d6a7d8cdb14e7878d0b3e88177a4dcd14c4e89c490fb0194de5eda31f8b03b03b7eff1a71e1e09f1d693cb5dea92850866207435
- SSDEEP
  
  3072:HHK6tlxjf0meYRjSGT3z7kVT5UM3xbLQxZ2bYCFbZef1B:nL0m1RzIVW1e6
Score

1^/10
behavioral7 behavioral8
- Target
  
  Built/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  adf3e3eecde20b7c9661e9c47106a14a
- SHA1
  
  f3130f7fd4b414b5aec04eb87ed800eb84dd2154
- SHA256
  
  22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07
- SHA512
  
  6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b
- SSDEEP
  
  12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
Score

1^/10
behavioral10 behavioral9
- Target
  
  Built/RestSharp.dll
- Size
  
  210KB
- MD5
  
  c55b0fab60a00613c68378432e4082ff
- SHA1
  
  1277ba81ef49253ac48e9498a0136e766c37f059
- SHA256
  
  efedd6c667d8d6585738a5c5677e2bf53bd0cb50cedb1c102edef83631dd5384
- SHA512
  
  87d48e7cf3859b4b85bbd8375640b115629dbac213ec9911eaa8123caf83fb0a393f878161e25492a4b61b6136ae90ab8870e20c0fb41789ce33bd065945af2f
- SSDEEP
  
  3072:rd4SlP0wkMIEuHnG84/xtHBzb+SRWEXmzD9ue9x9naUW7MfeWoV3eTvOAFCYGpDW:rTctslXLKgV3eTvOuo0uU
Score

1^/10
behavioral11 behavioral12
- Target
  
  Built/System.Management.dll
- Size
  
  72KB
- MD5
  
  1c71e5310151ce1e9a3a92797776bdad
- SHA1
  
  fd452b874fec4a9dae61a3710fb32749dc7d701e
- SHA256
  
  f515ca5c944c332ab706ff0a7c2e53e66d0d9d8a663e9b2691b35129ee22559b
- SHA512
  
  2a4f18c77449c2d06a3ab6807338f73b03b1faa332e78319829ba3a2b6fd98bb9a83c5e29b47d55e4ce7f0dfdcd8524fa592a0f3ca8ee09daae2894b681265a8
- SSDEEP
  
  768:BrEP45HksbMU3se5c/0b/9nLZV1BCUkVoV0lP7H0CkkiSLJKdbY8Mtuo0eDQP9zu:bbz5wulNV1zkSQzHxkxS9yc8no0nzu
Score

1^/10
behavioral13 behavioral14
- Target
  
  Built/osint.deps.json
- Size
  
  39KB
- MD5
  
  707b1c4f3117af74ae55e9e243d0ecc3
- SHA1
  
  cea67d8eb77c1bf8f597265677d4036728ee10c5
- SHA256
  
  1e0f3e7a3a44b3e108dd684fc7e181ccc3320dd4b8daa4ff7894e63ddbd88c00
- SHA512
  
  d286509d1eb1522c3c6f5ca5498b76b5ec32f48a4630e61085ee27426b76023f4d2bca6ac3b294267a5c879d32dcde6e4ebf6e029e60976826421808b4d03efc
- SSDEEP
  
  384:C+KetokiOGwMl7JIuRmkzbbjGgtsxxqqgk5VSte6E5sO+wH3HvQtqO3zIC1mxIr9:CIABRpbPGgCnPScH3HItqO3zIC2Gzn3
Score

3^/10
behavioral15 behavioral16
- Target
  
  Built/osint.dll
- Size
  
  61KB
- MD5
  
  eccdb3f0140458279adb0147f5596b1c
- SHA1
  
  b09938ab69ba6dd182adf28763f90259a5a8a15f
- SHA256
  
  9c6293f95054168d7e1925bd32f3430800a54b99d215af3461f054ef7103ff31
- SHA512
  
  1d2b2ee0259f0d2ee5345b96baee1d0cff378f5e630d804d8eb6faad68d82e21bd4b4c1c22bf6f4210f9724daadaa224147ae22cdb00163c10873e53ac06398d
- SSDEEP
  
  768:zBnP2ijO8/I/Ih5Fz3g6gYvQ8haqzQc0Vup3tjPPEXZnxPotQY16J10oiD4Jx3m8:4LIhjjrgejPPEJxLY1vozx39
Score

1^/10
behavioral17 behavioral18
- Target
  
  Built/osint.pdb
- Size
  
  23KB
- MD5
  
  ece88b11e3f3e64c264696ac14705836
- SHA1
  
  0140aea50ea5eec3be3aadc75e9d3d4448d738e9
- SHA256
  
  e6ee30463b9090d04b452270b0dd80b552729d1366287993d8e7ca6f9fc85167
- SHA512
  
  79de5e22078db0a13b13ccf19e14ce2cd10c25c176762852374245cf0613a8a2644d464be0bc56d552490c656e468c89f95059d28643c250d49780316dc61542
- SSDEEP
  
  384:zcCO/aMUuKHLWjP+9kgp5ZzUqCdfaMsb0xButYiskCd7AiDfCLT6PvBGboIfCIHN:gaMUuEF9k85JKkmXi9b0BKTIShNkTDur
Score

3^/10
behavioral19 behavioral20
- Target
  
  Built/osint.runtimeconfig.json
- Size
  
  458B
- MD5
  
  07b9a30265ca4e69c7016a1b6e3ffc27
- SHA1
  
  3a4af82a2695b1423aedd8b60a5c86793c011b02
- SHA256
  
  c71152bf25e40d647b2440c5b39be157a3d356106be9d5b678ab97bb87b4e782
- SHA512
  
  efd582f8edcdba5ef48d02eee5f73d83ff35071af99b49e08e0213928568d728d0856e3b903bfcccb9237f786846cf94da83139f99e9bee86287aff2071c3f1c
Score

3^/10
behavioral21 behavioral22
- Target
  
  Built/runtimes/win/lib/net7.0/System.Management.dll
- Size
  
  288KB
- MD5
  
  76e0aaa7182e77403bf6fe2af8d90f28
- SHA1
  
  d013c5d649f9ebce5bee1c8b774f3290b1f1f532
- SHA256
  
  a7e248c3e6f25f4673e2006fa77f4a4322a3c74c2652dcc395178329feb7ff28
- SHA512
  
  8e161a375fe174d9b203c2a098c92aff411d8521eef133d5174ae7409c394157f7a067c2a9dfe3f76cb02acbed52c33a11579b9a1cbee75e4092e6487d1a7bc1
- SSDEEP
  
  6144:TMbKUVLmD7HP9ab+T5sBFzPnQpEZFAc2Q:45VL2Z++tw92Q
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24