agenttesla | 261876ed0f8d2d0038ce84d15817b66fe0b90417a2c3ebbd40efcb9a069ef7a9 | Triage

Submit
Reports

Overview

overview

Static

static

E-Remittan...df.exe

windows7_x64

E-Remittan...df.exe

windows10_x64

Sharing

General

Target

E-Remittance Copy.pdf.ace
Size

550KB
Sample

210504-t5zn3aye22
MD5

9fa266b58f74f23630d145f07cc09a91
SHA1

bdca2aaf830e8a8abdfff816a3434a84acbb69c6
SHA256

261876ed0f8d2d0038ce84d15817b66fe0b90417a2c3ebbd40efcb9a069ef7a9
SHA512

48b513b9ff758070f6a404098eb5c9012daf19122452bd8a684946178214c69ec47aa4d2f2d5f9ea91b015691b630fd75b0f1404deddd4f558d199c227739d00

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

E-Remittance Copy.pdf.exe

Resource

win7v20210408

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

E-Remittance Copy.pdf.exe

Resource

win10v20210410

agenttesla keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.vivaldi.net
Port:
587
Username:
clintonlogging@vivaldi.net
Password:
858540506070

Targets

- Target
  
  E-Remittance Copy.pdf.exe
- Size
  
  695KB
- MD5
  
  5f974cb0ec8c2360133ad6fc13367797
- SHA1
  
  f5da885cd7b7043f34be4842fb2abd22a2fbd8c4
- SHA256
  
  1f37b4d2751d387a04815bc0477fb419e607c19f45cb3712aa1b872df9e12429
- SHA512
  
  42e9adc19cc24c0663d876ce5912c156a2a9605c7b5902fdba3a7046832c03a69cdab3f6f161c98c2c4a94c896e9db823c27d245ae3a5b7408211924a0a36078
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy