agenttesla | cfdaeca9b832cd4b73218ed37e30d7f93061607f5075d976f97741eeda169304 | Triage

Submit
Reports

Overview

overview

Static

static

ee786b17c0...ed.exe

windows7-x64

ee786b17c0...ed.exe

windows10-2004-x64

Sharing

General

Target

8427322316.zip
Size

859KB
Sample

221123-r1gwgsaa26
MD5

95ea32a577e246d2b456ff2fc9a71bbc
SHA1

7a0bb67b98d507a0871f876f4818083ce1a5f4f7
SHA256

cfdaeca9b832cd4b73218ed37e30d7f93061607f5075d976f97741eeda169304
SHA512

73c1b351027492c7296aadbfb14273d1eb9bea04654831f3385b48a6565d21e732ed419e27bbe42772c686be8a8569c9aae547949f63b4cae564ee8f51bf287d
SSDEEP

24576:f14U+p1igMGthXRI2pl3pJXwukhvj/wjBUSc:f4GgMKhXOCQuk5jECD

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ee786b17c0debabc35aaa386da758c13cc9e0952b0d2d4e265756f493f82c2ed.exe

Resource

win7-20221111-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ee786b17c0debabc35aaa386da758c13cc9e0952b0d2d4e265756f493f82c2ed.exe

Resource

win10v2004-20220812-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5088709131:AAFHCIxHU907RAI3XEaH2G6LgE9wrdrAgI0/sendDocument

Targets

- Target
  
  ee786b17c0debabc35aaa386da758c13cc9e0952b0d2d4e265756f493f82c2ed
- Size
  
  1.1MB
- MD5
  
  e035bc2cbfc3910329796b79c1e7dd8b
- SHA1
  
  d34dc97dd02408e1304df5ba7ec66e2dcfa20584
- SHA256
  
  ee786b17c0debabc35aaa386da758c13cc9e0952b0d2d4e265756f493f82c2ed
- SHA512
  
  dcc5720e77e8e27d7eec8662d8d4e321f4ba0b1ac557231cc36d4926d516ce535efa662ded1e41cc5e039c61112579a5c9b557c05db39d26b8ea50c040b0d3e6
- SSDEEP
  
  24576:k1utqdOTLC6tDmQKn842PRyQU3zUEMdE99:kMqdOa6J/KnJLJ3z0W99
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy