agenttesla | d5c6e817e81a13cd55bf34551de9665821e3402bd4aa8c25ef302044502dc509 | Triage

Submit
Reports

Overview

overview

Static

static

Frozen Sea...21.exe

windows7_x64

Frozen Sea...21.exe

windows10_x64

Sharing

General

Target

Frozen Seafood Specification BT vannamei shrimps mackerel supply data RFQ 3FCL 0086211052021.exe
Size

940KB
Sample

210511-mlx1wwwl5j
MD5

4239f6a01b20697056527dc5c5b33794
SHA1

8c535c57e02423dd83f38225f0a2fbf517c558ea
SHA256

d5c6e817e81a13cd55bf34551de9665821e3402bd4aa8c25ef302044502dc509
SHA512

2792430bf7160e0067861dfc0e246048e035113af39f426ef4dd59b825bc610fb1cdcd83e70ae9d466d0b4cf65eade4c5eccb8bc8f7cac5c67417f7417c64aca

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Frozen Seafood Specification BT vannamei shrimps mackerel supply data RFQ 3FCL 0086211052021.exe

Resource

win7v20210410

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Frozen Seafood Specification BT vannamei shrimps mackerel supply data RFQ 3FCL 0086211052021.exe

Resource

win10v20210410

agenttesla keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.corroshield.co.id
Port:
587
Username:
procurement@corroshield.co.id
Password:
kramatjati1945

Targets

- Target
  
  Frozen Seafood Specification BT vannamei shrimps mackerel supply data RFQ 3FCL 0086211052021.exe
- Size
  
  940KB
- MD5
  
  4239f6a01b20697056527dc5c5b33794
- SHA1
  
  8c535c57e02423dd83f38225f0a2fbf517c558ea
- SHA256
  
  d5c6e817e81a13cd55bf34551de9665821e3402bd4aa8c25ef302044502dc509
- SHA512
  
  2792430bf7160e0067861dfc0e246048e035113af39f426ef4dd59b825bc610fb1cdcd83e70ae9d466d0b4cf65eade4c5eccb8bc8f7cac5c67417f7417c64aca
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy