agenttesla | 54f4fdb16ec6a53f43577c742860b4b3ba37611f67a57ceb65478821e4216825 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...38.exe

windows7-x64

SecuriteIn...38.exe

windows10-2004-x64

1

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.18362.32438.exe
Size

925KB
Sample

221126-a48d6sad33
MD5

e2a9849a08a5eb1e135c04b0604d9d64
SHA1

da64e496496d949a0e86cdc2fd9c9f99252506eb
SHA256

54f4fdb16ec6a53f43577c742860b4b3ba37611f67a57ceb65478821e4216825
SHA512

491fa1cddbb79f41f3a96ed4a18a90f5b3a34734c420a5830c35614a39add91f960f88fa586a959b092525299fe5e055b82d1260cd9a4e496f724dc60adb58b6
SSDEEP

24576:kjU376CqskFgqIyXXfCob/KixjqmwSmM0kCzFrM86hjK:ko1kVXXfd/KiFqmMM0ke//

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.PWSX-gen.18362.32438.exe

Resource

win7-20220901-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.PWSX-gen.18362.32438.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.hostinger.com
Port:
587
Username:
[email protected]
Password:
lOg123@@

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.18362.32438.exe
- Size
  
  925KB
- MD5
  
  e2a9849a08a5eb1e135c04b0604d9d64
- SHA1
  
  da64e496496d949a0e86cdc2fd9c9f99252506eb
- SHA256
  
  54f4fdb16ec6a53f43577c742860b4b3ba37611f67a57ceb65478821e4216825
- SHA512
  
  491fa1cddbb79f41f3a96ed4a18a90f5b3a34734c420a5830c35614a39add91f960f88fa586a959b092525299fe5e055b82d1260cd9a4e496f724dc60adb58b6
- SSDEEP
  
  24576:kjU376CqskFgqIyXXfCob/KixjqmwSmM0kCzFrM86hjK:ko1kVXXfd/KiFqmMM0ke//
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy