agenttesla | d7cdcdd118dd53207584a5e0e72e90000e97bd462b74a77c24af5cf0361d6384 | Triage

Submit
Reports

Overview

overview

Static

static

1

d7cdcdd118...84.exe

windows7-x64

1

d7cdcdd118...84.exe

windows10-2004-x64

Sharing

General

Target

d7cdcdd118dd53207584a5e0e72e90000e97bd462b74a77c24af5cf0361d6384
Size

920KB
Sample

240428-bdlyxscg5x
MD5

28c3a284905b7996294d725c948962a9
SHA1

2429a4f7c95a8ba436348f47813cba0815f8196a
SHA256

d7cdcdd118dd53207584a5e0e72e90000e97bd462b74a77c24af5cf0361d6384
SHA512

3095b54dd0475e2ed2e5c3520fdeb361dd9065f6a8a2324f2cf5d0b5457c3091aed3de6d9ccffd4ecaf64e3277a6221f35325edde8847e417fc3a762389329df
SSDEEP

24576:L0Fn3rHlRpp7zBerXIosFN5JlkqHlch2fC3z:slZP0T6FxfqD

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

d7cdcdd118dd53207584a5e0e72e90000e97bd462b74a77c24af5cf0361d6384.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

d7cdcdd118dd53207584a5e0e72e90000e97bd462b74a77c24af5cf0361d6384.exe

Resource

win10v2004-20240426-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.lilydesign.com.tr
Port:
587
Username:
muhasebe@lilydesign.com.tr
Password:
0508Lily0508Lily*
Email To:
info.superseal@yandex.com

Targets

- Target
  
  d7cdcdd118dd53207584a5e0e72e90000e97bd462b74a77c24af5cf0361d6384
- Size
  
  920KB
- MD5
  
  28c3a284905b7996294d725c948962a9
- SHA1
  
  2429a4f7c95a8ba436348f47813cba0815f8196a
- SHA256
  
  d7cdcdd118dd53207584a5e0e72e90000e97bd462b74a77c24af5cf0361d6384
- SHA512
  
  3095b54dd0475e2ed2e5c3520fdeb361dd9065f6a8a2324f2cf5d0b5457c3091aed3de6d9ccffd4ecaf64e3277a6221f35325edde8847e417fc3a762389329df
- SSDEEP
  
  24576:L0Fn3rHlRpp7zBerXIosFN5JlkqHlch2fC3z:slZP0T6FxfqD
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy