agenttesla | 84606acc239f65763ce8240a0ec64287fdb6d153dbf89d01fcff63ba77586d18 | Triage

Submit
Reports

Overview

overview

Static

static

84606acc23...18.exe

windows7-x64

84606acc23...18.exe

windows10-2004-x64

Sharing

General

Target

84606acc239f65763ce8240a0ec64287fdb6d153dbf89d01fcff63ba77586d18
Size

686KB
Sample

221130-phjagsch4s
MD5

d19f55865ee42ec0fa3ab6c877045c71
SHA1

e25651844182ffc6efaf131b539db57dfaf66acf
SHA256

84606acc239f65763ce8240a0ec64287fdb6d153dbf89d01fcff63ba77586d18
SHA512

e5298352f3df55ba42313733fb7a91033d9eb4f599a2e3d509289f1fda1f2948fee93e9257740c1d045068201e14e1b39539951af9d7415914f035e7e1f8973e
SSDEEP

12288:TyqIXBP6wXR62mLtzLIpks6GK7mFnBXpQE9fVL6J05zg4F:uVXBPHh/Etg+lb7m1BZxV

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

84606acc239f65763ce8240a0ec64287fdb6d153dbf89d01fcff63ba77586d18.exe

Resource

win7-20220812-en

agenttesla keylogger spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

84606acc239f65763ce8240a0ec64287fdb6d153dbf89d01fcff63ba77586d18.exe

Resource

win10v2004-20220812-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
AFtermath1123

Targets

- Target
  
  84606acc239f65763ce8240a0ec64287fdb6d153dbf89d01fcff63ba77586d18
- Size
  
  686KB
- MD5
  
  d19f55865ee42ec0fa3ab6c877045c71
- SHA1
  
  e25651844182ffc6efaf131b539db57dfaf66acf
- SHA256
  
  84606acc239f65763ce8240a0ec64287fdb6d153dbf89d01fcff63ba77586d18
- SHA512
  
  e5298352f3df55ba42313733fb7a91033d9eb4f599a2e3d509289f1fda1f2948fee93e9257740c1d045068201e14e1b39539951af9d7415914f035e7e1f8973e
- SSDEEP
  
  12288:TyqIXBP6wXR62mLtzLIpks6GK7mFnBXpQE9fVL6J05zg4F:uVXBPHh/Etg+lb7m1BZxV
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy