agenttesla | ef176faa1d186e67f9ab559b32c35dcfe874bef49156ebcd414d5c032ec2f55a | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

1

Sharing

General

Target

tmp
Size

753KB
Sample

221123-qzwsksad2t
MD5

751532ac5635d8c77a474df541c780d9
SHA1

d7a962a32cafae1e791d2f896d0c9bb6ae0384d0
SHA256

ef176faa1d186e67f9ab559b32c35dcfe874bef49156ebcd414d5c032ec2f55a
SHA512

4a32296e5b02d8a6cf5c839ec0425231bde4d4d51dc92030c4fd658c6da11cc49521523a9547e40d658146b0a703ac04d12d2df2f78f25c2863d28a7a8fcb474
SSDEEP

12288:939riVwf3iJ+HN3TFfIKXKH0oKnkishvwWqWogZWhwOANLw/y/9Zu/E9jtgmdbtb:9Nriy/fTFfyRIA2R59Ntjk

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20221111-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1900392974:AAEB_yGGlWksNcNC4Dg08OgUSlmDON2w098/sendDocument

Targets

- Target
  
  tmp
- Size
  
  753KB
- MD5
  
  751532ac5635d8c77a474df541c780d9
- SHA1
  
  d7a962a32cafae1e791d2f896d0c9bb6ae0384d0
- SHA256
  
  ef176faa1d186e67f9ab559b32c35dcfe874bef49156ebcd414d5c032ec2f55a
- SHA512
  
  4a32296e5b02d8a6cf5c839ec0425231bde4d4d51dc92030c4fd658c6da11cc49521523a9547e40d658146b0a703ac04d12d2df2f78f25c2863d28a7a8fcb474
- SSDEEP
  
  12288:939riVwf3iJ+HN3TFfIKXKH0oKnkishvwWqWogZWhwOANLw/y/9Zu/E9jtgmdbtb:9Nriy/fTFfyRIA2R59Ntjk
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy