agenttesla | 79de0b2b53920c32564d59ec6c92c1a5478ac32594010ad4cc59c3e1310becaa | Triage

Sharing

General

Target

CodeSpark.rar
Size

10.6MB
Sample

240630-tn393atenl
MD5

3f81e265eb9652e8bf955527dc22bed9
SHA1

9202084b806be7e7d4fd8b6c3deb9641301547ca
SHA256

79de0b2b53920c32564d59ec6c92c1a5478ac32594010ad4cc59c3e1310becaa
SHA512

eea47d51056783963f6cfbcac6b521776ec840862ab655d2f5f05a064d9bb7d300a21311ebcafeae975cd0980862f3d6613a5cdc1005d8492e12412924d2e232
SSDEEP

196608:2SnkZ1OibA/opaOcRq2cupCEuwMUgAB6kpSjnwUW5AJuhgnHz+altHx:5nUOX/opiRqcCz7LADpOnwUMAJuinHKa

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  CodeSpark/CodeSpark.exe
- Size
  
  131KB
- MD5
  
  f6fdbff3de3977c0b68988f520937964
- SHA1
  
  ff037b505078bc3705bab9e7df412a249aab1116
- SHA256
  
  11b5e562c8287d015259604d69fc2995cf807deb3557fa8868659d7de4384871
- SHA512
  
  0174e06f2b275b604bd695c498cf24738d1d365cd7f8480b30eb06fbef340f44097bb013568b3826389c44d6febc4aa4f0c3655334e10019dcd35d8aed42d88e
- SSDEEP
  
  3072:/DefJkRggXw9gdAp4+a/hCKEnRDnje6RKeUd8iXXoVGZLa6fm:/Dv7Aglh/AFnjxRKj8iX4V2
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
behavioral1 behavioral2
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/array-flatten/README.md
- Size
  
  1KB
- MD5
  
  328fdaf1ee65869341567f4fb6716e02
- SHA1
  
  98efa9e4bd6d6bca4ebb76991a2187a8a496c8b6
- SHA256
  
  071dd896356da12269508f361958ec622e47b27a96d7efdba23b671bc3470416
- SHA512
  
  40378eeeb21474e8be2962853b1d279ab8e167e68ebad08ae4e7932c131da317672852916bcc1000ec43a0163653c45158a9a8be819b4a6479163ac8c5391ca5
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/array-flatten/array-flatten.js
- Size
  
  1KB
- MD5
  
  4b17fa06c54846b686b8b799e9dd253a
- SHA1
  
  fc6cc30e8b8ec09eeba62bac076ed627aa3ee8d1
- SHA256
  
  766ca145b6d25e3d60f352a716e8fa1876bcdf362c0767c360cf24f335bc281e
- SHA512
  
  72df1668f464f6942c484155b667086bb6f83f77e826ffcd146ee045079db3334aba270bffb66cdd796d4c9308121ec2a67a404289f19914c45d9a6c15435e71
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/body-parser/README.md
- Size
  
  17KB
- MD5
  
  3152126cd7d54ede5697046e69a7e589
- SHA1
  
  3c8820c682cc2e043465d9aafbe1e182571e941f
- SHA256
  
  1a8c31593d425887df10e400a765d3f86f3b195b4efdccd44ff4aa542c03380b
- SHA512
  
  73b3c1fa28e96f744e7e6a58a13d6c5b31646cf06fe47895c226ed61198c5c2bcd4a2dc0c4447de54ea15d5d56d7e330ad1335b3659598cc576a88e791c16358
- SSDEEP
  
  192:eBmKv7ygazeyidkShRvtlgem3x1A6H9wSu9kYPaDpIQVf3X/R0yV2aaX2JC/vuZA:xKFO4d/63TA6H9i9bSDKqvXpqmC
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/iconv-lite/lib/index.js
- Size
  
  5KB
- MD5
  
  c1da5b53fa60006bc973dc785bed2ca6
- SHA1
  
  68ccc5b53b1b7aa66dae594ad3150b0f66d158a5
- SHA256
  
  77d20e2fd5bcd9e324fb6cfdb909cd06fdaf6a91769adffcf4d7c4c066cce4c3
- SHA512
  
  8d8ac4e9119bbe1f9a8475edbbffbcb260d17eac94bd5c0ab321d1012fcd0762786a449259355f25a10905be18051ca494f120d0e826005ba33468b05cfc54f1
- SSDEEP
  
  96:wsWY5niEC/jgNGAPtbCnz1lrDVOlraCr3q14lYU5cO5FnTncbvf6yYi:QEiEajiLCzLrDCraMaal95jFngb3tYi
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/iconv-lite/lib/streams.js
- Size
  
  3KB
- MD5
  
  8628e41438801c5bfdabf3be9b1ff548
- SHA1
  
  3982c3e4c6abe5ec4064a8c5196395067d0c504b
- SHA256
  
  25a423eaf41f8dc6bc40cb28189a24e2d63b990ed72c824940bed55d0264ea6d
- SHA512
  
  6bbb6c654b75a23e73343f2cbc8eb84aacb09a98e4e49a875689e75040333edaaebdc8649da8399bc89532150dc1aa30f5f0fb07c1523c94a6cba3817f33a88d
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/inherits/README.md
- Size
  
  1KB
- MD5
  
  de7eab94959b05c9765cad499ab092db
- SHA1
  
  f2f8d26f1cf5fb1e3a68aa225221b064f999fefb
- SHA256
  
  b33c8be1ca837d9e4c9b0e04a550feacbc101556164d3cdbb875aed6ccbb8a29
- SHA512
  
  1dba8a8aac506a71da9869349d64ad1e83362690e5b11a6b0ee73e6a2019a7dbaed452654029ce641254d1bde3b3d3e4bbb0fd31360846b8cfd01dcd25793597
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/inherits/inherits.js
- Size
  
  250B
- MD5
  
  9ced637189714b8d21d34aeb50b42ae8
- SHA1
  
  222da288a07d8f65b2aed9b88815948cfe0b42d9
- SHA256
  
  bb380f32bef5feb18678f0f45f88073fed5d7a0069a309132cb2080cd553d5c7
- SHA512
  
  59925a20877c9193308e6766b96c11b6d910b45583c73498b8761b091231bce2f4f7d95eb7d2b2e83d6b8a595689b80878c27e7c1e87347ba03f6ccb0c945cd1
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/inherits/inherits_browser.js
- Size
  
  753B
- MD5
  
  184872b18b759a37285bee13cd1cd0e4
- SHA1
  
  70fcf71f449139ecbf7a5d6c78ece069bbdf4dc3
- SHA256
  
  ad322a7b1dec60f3d2ebda2091816469efb55b567d241cf3cf0fa4c5a4afe500
- SHA512
  
  0b6f853387d1ad11bc77997f278f2503ce921a5f7049978bf60b63a1e9a772238ebef67808c2132f35d6a198cb6432eb43b15769ff420b8db64959cd0a9e50cf
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/ipaddr.js/README.md
- Size
  
  8KB
- MD5
  
  6782f9a6accf829084c303895a2c26a9
- SHA1
  
  e1553f0d26581f4312008a49b40ef8d0b0e4697e
- SHA256
  
  025b1282fbbc2f7f270e08b29414b7bbde469284564477f38b3519446aa16220
- SHA512
  
  5f882221434e7de8140dc02ecb9a26e3d4967d8a38355d3e6bcde725ee301133ac4c977180196d4f7741d8d51c303ef004e22b5aee163a9ac3c3284f452529e4
- SSDEEP
  
  192:VpD/igBoQXO84nmgyFnc5qYldSmHSSXzi:VpLDXkhYc5qYl8RSDi
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/ipaddr.js/ipaddr.min.js
- Size
  
  9KB
- MD5
  
  25cbb7a40252e3e2004437b72e1eaee5
- SHA1
  
  9abb27f31a6af75d8fedc6b97a0ffadc87238ce6
- SHA256
  
  ab95215c182a1bea49617080dc12e52e3e80521894c37ce0478b69326c151440
- SHA512
  
  3e309d7b0d16ab26dd9d68628b57e5d77a462ad044644b2fb3b63bf095bb68d5851d97a6336e7bc31550c64b67577bbca94ea2fea70ea9654f9de50bfa80ac5b
- SSDEEP
  
  192:sr++pWF8arWiasLV17s5W/KG1xZQ19asIBdh9yNyuEuSyj+CShTJ9W:srppWF8arasLV17s5W/ZxZQ10sIBdh9k
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/media-typer/README.md
- Size
  
  2KB
- MD5
  
  6e254e8ccc8ce7eaf9cdd8e5852d7bdf
- SHA1
  
  7899a1b0b168a36a0933d91ed9c3e399751a8d9c
- SHA256
  
  12b47b8b2e2a0f70289b2f3fd9f810422f918b78024e0019e86c2c9bc4af695a
- SHA512
  
  2bfdc2ac9137b0dc157e56951707f3dc0fc3fa8d721d84f891b0987cc456008bf6c29ae5dedeac965433bd782dbfe246119035b9714f34f526d1335eed117088
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/media-typer/index.js
- Size
  
  6KB
- MD5
  
  ef1845377cbbf76edd411a370738ed2b
- SHA1
  
  cc79807e8585c09fb195ffb8ca37bbc04dc26708
- SHA256
  
  27af6de782c53c57c4a8f111a81cd26b8d68c896c2dcd83e27da4c73234ce16b
- SHA512
  
  42ab06cb822a3c6949252b3945e962b0d343f0fd12492a8650c525733d2c9f7d6ed893e05922981da05b92909600c6f2e42a75cbeffbf14eb2b8ed167eb8d159
- SSDEEP
  
  96:Yn3wI5CTe4oajGzdxa3ua+60ZKVL/d45eyMqhhyINF+j0tstwz7sgH:Yn3N0Te4Hj8KJ+6/oRbycMYCwT
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/merge-descriptors/README.md
- Size
  
  1KB
- MD5
  
  92a3bcc5f7e8a33de24b60bd6ca5c33f
- SHA1
  
  8a466525191de1d001d572ff8a6918879c395c3c
- SHA256
  
  ace60d05b7af34523eefd407449e52f2b9ea33e26e212cf4f4b389ce60186320
- SHA512
  
  730fecb727af2aa7f2e5123c3cc17f8ed1526298fce4c0979e16332143d0eea9a080782299b986894a44c0792b154015be00d9ea2f632b663e398f5f7c61802a
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/merge-descriptors/index.js
- Size
  
  1KB
- MD5
  
  b4d3859e603602c87a45682862055af0
- SHA1
  
  e95cb1c14d70be457eba2ce61b2f4e90a13b21b1
- SHA256
  
  88564234b9eeb2f0fe2cc5d03f617a97eb4802f126bdd21aa223c3c87c02531c
- SHA512
  
  b17bb8c8b652f27d8037ed60f28b0d19a68e77bcc45d1e2be7dd304c942f6e85570e9720011f983fb8783d670eb66c0c3174d5fd90690b2aa79c2b402adcd00a
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  CodeSpark/Monaco/fileaccess/node_modules/methods/README.md
- Size
  
  1KB
- MD5
  
  882a4df2d7dc4b518fd3bb8c85e1c652
- SHA1
  
  4148c08077812690aeb399d0b063df47bb2ea674
- SHA256
  
  118d134e8bcd8b81d0a3596e0ded6d10372f9ec1e5df5a5b8b4295923973c7f4
- SHA512
  
  1403b308e281c31b278f04aa43abf1b0ef377d8b6f2a5be7fea7f158446861e5fac90b323734b81023467565b4771a197ef1b3f98e283f68410c62de1e0917bc
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32