agenttesla | 4a919c78e17213d98f10f49a921bf41164e6206e63bc3cbe487092b078189a0a | Triage

Submit
Reports

Overview

overview

Static

static

P44898408970-1.exe

windows7_x64

P44898408970-1.exe

windows10_x64

Sharing

General

Target

P44898408970-1.zip
Size

506KB
Sample

210722-dcp8lgkzzx
MD5

0aa67c12db0e3ea16a183f2625b0b31d
SHA1

622ccf647f0d83a47de603fa584181736797ee54
SHA256

4a919c78e17213d98f10f49a921bf41164e6206e63bc3cbe487092b078189a0a
SHA512

af39d73aa09a80ba2d55d8e23edf0db82561f9f58a32bdc8f1d2b8fc394fd3d716f9be61ea79aef5e5c3fd19f8bd4ca1d0bb0745386940a7dc9ad9d1e9d908dc

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

P44898408970-1.exe

Resource

win7v20210410

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

P44898408970-1.exe

Resource

win10v20210410

agenttesla keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.framafilms.com
Port:
587
Username:
framafilmsint@framafilms.com
Password:
lister11

Targets

- Target
  
  P44898408970-1.exe
- Size
  
  894KB
- MD5
  
  fb06ed245f080393bbfe1ae577053085
- SHA1
  
  a003c960669f5a64ae182dcfc9d7185750a84f0d
- SHA256
  
  2f639103b3a2a16f0eacad22c7df0a037c3a45d74cfe09ce96f86e13fe74a1b8
- SHA512
  
  cf75bb4fe26c743c3e448700a7baccb233f82113562afd46836beebe0593a21adc34d15de9dfa7918a034b6b75a8e2a4c989391c1b3dcf08a17dc8b0983932e3
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy