agenttesla | afbcbab72994419c40210539eb0959b383a0ea11043e672d117f63721ceefd86 | Triage

Submit
Reports

Overview

overview

Static

static

WRONG BANK...LS.exe

windows7-x64

WRONG BANK...LS.exe

windows10-2004-x64

Sharing

General

Target

afbcbab72994419c40210539eb0959b383a0ea11043e672d117f63721ceefd86
Size

367KB
Sample

221204-jx6fnsee9t
MD5

ec7b087b789156fd89f2c7e427f125ec
SHA1

6a02972799c00d12d54aac6e70356df6833b5a2c
SHA256

afbcbab72994419c40210539eb0959b383a0ea11043e672d117f63721ceefd86
SHA512

8088d11d350763e76162058c89e83882828b0be1d80ac5bdacf0542784112d7091a8f14f8c62a22a00869abcf811c9bca8fa2a015f6be3215fdb3da1f18d3012
SSDEEP

6144:VkypgABaqLsDg5do8ZKjs9Lu3zwpvj16u2gAOwYhh6TELvumLnwqlQDNR+3N:VgAkqLss5ZQa2qsu2gAOxyGLnwq+Cd

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

WRONG BANK DETAILS.exe

Resource

win7-20221111-en

agenttesla keylogger spyware stealer trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

WRONG BANK DETAILS.exe

Resource

win10v2004-20220812-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
webmail.blc.com.np
Port:
587
Username:
norvicfertility.clinic@blc.com.np
Password:
Bhuramal123

Targets

- Target
  
  WRONG BANK DETAILS.exe
- Size
  
  472KB
- MD5
  
  8a286da3928ccde0c1f4d20a88f41b73
- SHA1
  
  153935397d81e3f398441ad7382284d2a15ed2e6
- SHA256
  
  2c93eddde0467abea46797a3f1df694c1f3f2b9ddd16cd60467fc00f08ad7ec7
- SHA512
  
  803589f0a0cc3c392c96fe5927eec2e7199adcc848f1f0b4dadd112cf2f567c49b035a4c71d31397b87e27b16850861fc587bcea57a6e69cdffbfec9a9f37fe9
- SSDEEP
  
  6144:QaOHuW0GgcRdBHMlU8LFhI8ZojU9Lu3fwpvj1iu2gAYwWhF6TEjvumnJw6lODNRF:QFufct8LFhbqq2Ogu2gAYh+gnJw6gr
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy