agenttesla | 3183d60e2862766226642f96c526ac8acab7192b1fcf08b6a49f6ce58e597a47 | Triage

Sharing

General

Target

FlexerApp.zip
Size

25.2MB
Sample

240630-s6g9wazfme
MD5

99bcc059119f05fc6f537155e83726d4
SHA1

a45ebe04e58ba883d04dde98d9fe4554d7b682f1
SHA256

3183d60e2862766226642f96c526ac8acab7192b1fcf08b6a49f6ce58e597a47
SHA512

9fd6b6f75c5c23f26992054610c4ad5daa70133b58addeb842993ec090b4e5a74f316a485ed797facf7a620775af298a726c692e6627f58e3223408a5180a999
SSDEEP

786432:klvmLtYdR48021SljKTVKyWW2Bu4DBVBV6hBRji:klvI8RAaVKyZ2B3HuhBRe

Score

10^/10

agenttesla execution linux

Malware Config

Targets

- Target
  
  FlexerApp/Flexer_Windows.dll
- Size
  
  292KB
- MD5
  
  f9895e5aa823591bdb2abd602711e01f
- SHA1
  
  6c7cc1e9b8865e00dbeb2f3ec7134d3936541229
- SHA256
  
  61ba333eae9bb5354009320ab96eb3dbf638e2013e3eb1fcd3262d26a43c52dd
- SHA512
  
  c2e1ef025022a245501cb4d6970406b2d22e3acecb716d1636190e95d858be7d6b912c0d79589d1abafa99d41cc84669a570f1fda4106fc9d98a0303b164624b
- SSDEEP
  
  6144:cFyI+ssfUkxkHMDknkJoU9ISmsGkcnjmaORgOqwk8E/YHImjv4wey2wotuhtw:cFybhKsDVoUqFsGkcnZKgOqwZhHImjvC
Score

1^/10
behavioral1 behavioral2
- Target
  
  FlexerApp/Flexer_Windows.exe
- Size
  
  139KB
- MD5
  
  1df7f832ee8e216c1dde269055a4a141
- SHA1
  
  f9608ce4dec5a56b7d6a3bf78f847f7bab45f0a2
- SHA256
  
  f6d7f2c2a655a0410f4a4c96898fc6a34e5b87544a13234a263897138f558a3e
- SHA512
  
  44500ae0add6ea83b25d31d70ee130fa2bcb9b93784c3c008805703b0f36c374ece2cbf439c699957cdae16d6646403e6cad92ddbfd2ecfa180ef6e86ada2960
- SSDEEP
  
  3072:XiS4omp03WQthI/9S3BZi08iRQ1G78IVn2ebSkcJu8ltx:XiS4ompB9S3BZi0a1G78IVhcoct
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  FlexerApp/Flexer_Windows.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.54/adblock_snippet.js
- Size
  
  2KB
- MD5
  
  f5c93c471485f4b9ab45260518c30267
- SHA1
  
  ee6e09fb23b6f3f402e409a2272521fdd7ad89ed
- SHA256
  
  9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690
- SHA512
  
  e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  FlexerApp/Flexery.dll
- Size
  
  4KB
- MD5
  
  0d83d6c2b5675025fb810118e5e6076d
- SHA1
  
  d1b4db86004aa4301b72e2f91f2e22117c10ec25
- SHA256
  
  311f53e2870a3f9c55e6f9e75106abb48f456a68163add52ddbcf828e48a2e0f
- SHA512
  
  1d66746da8b24c7410c5dab618b8a971eb965b1f62ab713bf07fce48bbe374df0a8549edd71e4f01de2eeea0f19fb1eff93bcd765c13187d34516d6711ae7175
- SSDEEP
  
  48:6m+lJx8cuNZR43Iw6NM0xLv1VJV+tqD+OsFtRB/lr6MtIsCF:AZuNZRlpVJV+t8c/Z6Mt7
Score

1^/10
behavioral7 behavioral8
- Target
  
  FlexerApp/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  b429ae86c5be521bc8ca3b164cec3acb
- SHA1
  
  387560073ff5a1f2191abc6f75fc34532bbb6dd2
- SHA256
  
  3ac70532408b89159bfe235d4ed228faa03ae3fbd63ec6a82d895f287a3b0579
- SHA512
  
  eae65de53da50708983ed8ebf9e1e3dd5f9aea95a354d272e199bb59517f62bfe35f0df7a37d81ab0423d0d6d29304fa70284c731bd54023e446b2c19bacafb1
- SSDEEP
  
  24576:DgWuftU4WrNOA6sM6kXxMfNmnjk/c5NrH0UUoo2QkJXVSItH5ppoO0KzJ6nFwHQL:DA+NOpXm1mnj0cP+DkhMAiawnFV
Score

1^/10
behavioral10 behavioral9
- Target
  
  FlexerApp/Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  2ab84dc690059b2bd34d2f00561d6af4
- SHA1
  
  49b665b40a5ae995edfec80caf7e409c9795e9dd
- SHA256
  
  a1e096c6842b9f443679f47e321379d15e1f93c77fd0b6d32b9eb0e93e25ac89
- SHA512
  
  80d1c0fbe937655f1e78549c4bdaaa7d8aa55a74945c16f3663fe270c0a715eb7f89dc66490a0164f33444aece768a41e894bdcaa50ce2f88a6dab77b9809afa
- SSDEEP
  
  12288:vClswUBor3lJrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIf:vSjqA
Score

1^/10
behavioral11 behavioral12
- Target
  
  FlexerApp/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  f91b34b32c3af1516c12188fa9875350
- SHA1
  
  885dba53919d1c4d9ed36bb38ad12c2d5c35a0b3
- SHA256
  
  50f28d5705da825b3fda973b5256f7c5ee33e0679973fbf1bccb5027c3e3311b
- SHA512
  
  8dcff5bec01a4bb7428d9d57037e6c8b2e5e3f091e4d433e26bb9c82ac43c7b074d90636a34350455451d7a95300c9de5ba76aa8574f6823b488c0d0ddff8b80
- SSDEEP
  
  768:LsjCEEHJ9l0EeFZ2sxIHTttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKQ:qCEB15aTttZDgcEST3p4JjrjaJ+SG2a3
Score

1^/10
behavioral13 behavioral14
- Target
  
  FlexerApp/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  ffb9d7f6546e00c3a97edcc0ed0091f2
- SHA1
  
  cdf7aa51565725c9efe548ac7258da025a4d8b34
- SHA256
  
  744b0e990f9eb292abddbe021f38be86912386207e0fb352a6ec804b61d42d97
- SHA512
  
  16c1c1a0477c7f7839514783b60cd4759e9ae01e11567820d11234337951cca819475e658026d97df3e6c7277cd575581887c0056cda8cfc8a83a448b375f3c6
- SSDEEP
  
  1536:DpGhWMhWLF9/wKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Pf:saNi8LDP/b0GBy4JjrD1aah/UaOzk6h3
Score

1^/10
behavioral15 behavioral16
- Target
  
  FlexerApp/Monaco/.git/hooks/applypatch-msg.sample
- Size
  
  478B
- MD5
  
  ce562e08d8098926a3862fc6e7905199
- SHA1
  
  4de88eb95a5e93fd27e78b5fb3b5231a8d8917dd
- SHA256
  
  0223497a0b8b033aa58a3a521b8629869386cf7ab0e2f101963d328aa62193f7
- SHA512
  
  536cce804d84e25813993efdd240537b52d00ce9cdcecf1982f85096d56a521290104c825c00b370b2752201952a9616a3f4e28c5d27a5b4e4842101a2ff9bee
Score

1^/10
behavioral17 behavioral18 behavioral19 behavioral20
- Target
  
  FlexerApp/Monaco/.git/hooks/commit-msg.sample
- Size
  
  896B
- MD5
  
  579a3c1e12a1e74a98169175fb913012
- SHA1
  
  ee1ed5aad98a435f2020b6de35c173b75d9affac
- SHA256
  
  1f74d5e9292979b573ebd59741d46cb93ff391acdd083d340b94370753d92437
- SHA512
  
  d6bb7fa747f4625adf1877f546565cbe812ca7dd4168f7e9068e6732555d8737eba549546cf5946649e3f38de82d173aaf9c160a4c9f9445655258b4c5f955eb
Score

3^/10
behavioral21 behavioral22 behavioral23 behavioral24
- Target
  
  FlexerApp/Monaco/.git/hooks/fsmonitor-watchman.sample
- Size
  
  4KB
- MD5
  
  ea587b0fae70333bce92257152996e70
- SHA1
  
  118ff5509f187039734d04456bf01e44c933ac19
- SHA256
  
  f3c0228d8e827f1c5260ac59fdd92c3d425c46e54711ef713c5a54ae0a4db2b4
- SHA512
  
  f5a4d2bff93161eb61b9902ff74d5ee20de3316f2b1c5ad49299deaf1adf231848c5501b6e4a840e5b898791f86c66eed6f3b05ff573073674177a33a1f2ae9c
- SSDEEP
  
  96:GFCscBOvOFXDgRvi/3eCwX9PlkRo/j5SpoNOBoi+geBIzCa:GFCsEOmWRamCwX9PqRo7geEk3IzCa
Score

1^/10
behavioral25 behavioral26 behavioral27 behavioral28
- Target
  
  FlexerApp/Monaco/.git/hooks/post-update.sample
- Size
  
  189B
- MD5
  
  2b7ea5cee3c49ff53d41e00785eb974c
- SHA1
  
  b614c2f63da7dca9f1db2e7ade61ef30448fc96c
- SHA256
  
  81765af2daef323061dcbc5e61fc16481cb74b3bac9ad8a174b186523586f6c5
- SHA512
  
  473ad124642571656276bf83b9ff63ab1804d3c23a5bdae52391c6f70a894849ac60c10c9d31deff3938922ce83b68b1e60c11592bbf7ea503f4acd39968cefa
Score

1^/10
behavioral29 behavioral30 behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32