agenttesla | 3b84b73506255cc004a7d907f244a6c4394adea87102125d1d5d44ea4857008b | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...45.exe

windows7-x64

SecuriteIn...45.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.16745.exe
Size

1000KB
Sample

221003-e7874agcc6
MD5

4291bd1e611bd5a4862392229386151d
SHA1

6e1f7d19ef89dc72d1d8d6defc06ab58e9553962
SHA256

3b84b73506255cc004a7d907f244a6c4394adea87102125d1d5d44ea4857008b
SHA512

8d576ac5fb0f8c6c89c47196ff6f189b38efde99bafedf4ab4ae21ad9d33e7cf38566d77d4f00ae40e3ac4ea9f4356e8c2784c5cc54237337d673b51a367e898
SSDEEP

12288:OahrK4HTNv+z/MUH3RTh3RFd0b2+PT4loGXGt0cJexX9nv8nXk:PSMUHh9hFd0RPNGUWv8n

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.PWSX-gen.16745.exe

Resource

win7-20220812-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.PWSX-gen.16745.exe

Resource

win10v2004-20220812-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.phossphea.com
Port:
587
Username:
marou.ouerghi@phossphea.com
Password:
EpP@%mB2

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.16745.exe
- Size
  
  1000KB
- MD5
  
  4291bd1e611bd5a4862392229386151d
- SHA1
  
  6e1f7d19ef89dc72d1d8d6defc06ab58e9553962
- SHA256
  
  3b84b73506255cc004a7d907f244a6c4394adea87102125d1d5d44ea4857008b
- SHA512
  
  8d576ac5fb0f8c6c89c47196ff6f189b38efde99bafedf4ab4ae21ad9d33e7cf38566d77d4f00ae40e3ac4ea9f4356e8c2784c5cc54237337d673b51a367e898
- SSDEEP
  
  12288:OahrK4HTNv+z/MUH3RTh3RFd0b2+PT4loGXGt0cJexX9nv8nXk:PSMUHh9hFd0RPNGUWv8n
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy