agenttesla | 93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a | Triage

Submit
Reports

Overview

overview

Static

static

93caf26ccb...8a.exe

windows7-x64

93caf26ccb...8a.exe

windows10-2004-x64

Sharing

General

Target

93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a
Size

776KB
Sample

221130-tw9f2sac2t
MD5

5f5007d479284c637ee7af9ecf085ff9
SHA1

b1d249b76d71b5486453ee088a30ab66398e1f74
SHA256

93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a
SHA512

899106d3a206d55ae94b2775c38c59a29db47a55e42da1bd9eae28afe3099193812a863e62d1f2a6f3afcfef7137f4c2ca0955c95f271197aae1bd502845b051
SSDEEP

6144:qD2v7gkRvi3Kg4B1Rj7XvlczaB2DH2wMZgIaBI72xxaT+DSmKaWMueU+JqV3pDT/:werNJSsZgVm2WCD1KtMuL+J8VSpto

Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a.exe

Resource

win7-20221111-en

agenttesla agilenet keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a.exe

Resource

win10v2004-20220812-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
box@alscotop.com
Password:
godisgreat

Targets

- Target
  
  93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a
- Size
  
  776KB
- MD5
  
  5f5007d479284c637ee7af9ecf085ff9
- SHA1
  
  b1d249b76d71b5486453ee088a30ab66398e1f74
- SHA256
  
  93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a
- SHA512
  
  899106d3a206d55ae94b2775c38c59a29db47a55e42da1bd9eae28afe3099193812a863e62d1f2a6f3afcfef7137f4c2ca0955c95f271197aae1bd502845b051
- SSDEEP
  
  6144:qD2v7gkRvi3Kg4B1Rj7XvlczaB2DH2wMZgIaBI72xxaT+DSmKaWMueU+JqV3pDT/:werNJSsZgVm2WCD1KtMuL+J8VSpto
Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslaagilenetkeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy