agenttesla | 4bbf9ed702b29b21bf873a4c492534217b3a3e1db434293973665a6981c646ac | Triage

Submit
Reports

Overview

overview

Static

static

PROFORMA INVOICE.exe

windows7_x64

PROFORMA INVOICE.exe

windows10_x64

Sharing

General

Target

PROFORMA INVOICE.gz
Size

436KB
Sample

210226-q1rnwyvzvx
MD5

d026f19fccd18f95ed9d456f98129218
SHA1

37deff28e2b4607e5740805fd17aa3d33f578ace
SHA256

4bbf9ed702b29b21bf873a4c492534217b3a3e1db434293973665a6981c646ac
SHA512

b3d3cfdf691e54df1770d4e3de31b3795e41e72e47e6361959546dfae48ec2fa63fac4895e914d769a58f691867a69dc4b5577ee16a4aa60c50e9f4458b05366

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PROFORMA INVOICE.exe

Resource

win7v20201028

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PROFORMA INVOICE.exe

Resource

win10v20201028

agenttesla keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.hybridgroupco.com
Port:
587
Username:
20214@hybridgroupco.com
Password:
Obinna123@@@

Targets

- Target
  
  PROFORMA INVOICE.exe
- Size
  
  774KB
- MD5
  
  b58d742577f386edbf58075fff9ffacc
- SHA1
  
  a2b677224dc4fd241018dc05d0bf788df090cf01
- SHA256
  
  ed5aeb58bb7327270d75e75505bc2322bb62e5764b4245dba88d5a91c40ebe8b
- SHA512
  
  19dfc707c7dc31ba73cf20b3f986ed956d076b88781ca50b7e5409d877788bddfcdc14a9a7dc7ed12baa407a62d72f9622c8740d7e4d8f5b9a5244f09d7d28d4
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy