agenttesla | c63fe37f6fe23890caba830f78323552697ddffd5cd186bfc7ed4cffd78e9949 | Triage

Submit
Reports

Overview

overview

Static

static

3

c63fe37f6f...49.exe

windows7-x64

c63fe37f6f...49.exe

windows10-2004-x64

Sharing

General

Target

c63fe37f6fe23890caba830f78323552697ddffd5cd186bfc7ed4cffd78e9949
Size

825KB
Sample

240427-ca9q9agf75
MD5

33c0285bfc8c159a86e5454120869ff1
SHA1

16c4877c922ef67eccf3b83133ffb70d13d9f16d
SHA256

c63fe37f6fe23890caba830f78323552697ddffd5cd186bfc7ed4cffd78e9949
SHA512

56a39a40eb90054606fd106a7bd4e438481048784e8740919990ebd08ca590e7b64c4fdc38e83ce391a4bc67906f645aaff6249f4945c8f97d38ab99bf089ad0
SSDEEP

24576:G3PjKr5BNDeU0bFk8rjpM6LfsYS61v0cKyKfU:4k5BN2cXy+1yx

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c63fe37f6fe23890caba830f78323552697ddffd5cd186bfc7ed4cffd78e9949.exe

Resource

win7-20240215-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

c63fe37f6fe23890caba830f78323552697ddffd5cd186bfc7ed4cffd78e9949.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.nationalkham.com
Port:
587
Username:
sales@nationalkham.com
Password:
kham1234
Email To:
newmankint@yandex.com

Targets

- Target
  
  c63fe37f6fe23890caba830f78323552697ddffd5cd186bfc7ed4cffd78e9949
- Size
  
  825KB
- MD5
  
  33c0285bfc8c159a86e5454120869ff1
- SHA1
  
  16c4877c922ef67eccf3b83133ffb70d13d9f16d
- SHA256
  
  c63fe37f6fe23890caba830f78323552697ddffd5cd186bfc7ed4cffd78e9949
- SHA512
  
  56a39a40eb90054606fd106a7bd4e438481048784e8740919990ebd08ca590e7b64c4fdc38e83ce391a4bc67906f645aaff6249f4945c8f97d38ab99bf089ad0
- SSDEEP
  
  24576:G3PjKr5BNDeU0bFk8rjpM6LfsYS61v0cKyKfU:4k5BN2cXy+1yx
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy