agenttesla | afbcbab72994419c40210539eb0959b383a0ea11043e672d117f63721ceefd86 | Triage

Submit
Reports

Overview

overview

Static

static

WRONG BANK...LS.exe

windows7-x64

WRONG BANK...LS.exe

windows10-2004-x64

Sharing

General

Target

afbcbab72994419c40210539eb0959b383a0ea11043e672d117f63721ceefd86
Size

367KB
Sample

221204-jx6fnsee9t
MD5

ec7b087b789156fd89f2c7e427f125ec
SHA1

6a02972799c00d12d54aac6e70356df6833b5a2c
SHA256

afbcbab72994419c40210539eb0959b383a0ea11043e672d117f63721ceefd86
SHA512

8088d11d350763e76162058c89e83882828b0be1d80ac5bdacf0542784112d7091a8f14f8c62a22a00869abcf811c9bca8fa2a015f6be3215fdb3da1f18d3012
SSDEEP

6144:VkypgABaqLsDg5do8ZKjs9Lu3zwpvj16u2gAOwYhh6TELvumLnwqlQDNR+3N:VgAkqLss5ZQa2qsu2gAOxyGLnwq+Cd

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

WRONG BANK DETAILS.exe

Resource

win7-20221111-en

agenttesla keylogger spyware stealer trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

WRONG BANK DETAILS.exe

Resource

win10v2004-20220812-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
webmail.blc.com.np
Port:
587
Username:
[email protected]
Password:
Bhuramal123

Targets

- Target
  
  WRONG BANK DETAILS.exe
- Size
  
  472KB
- MD5
  
  8a286da3928ccde0c1f4d20a88f41b73
- SHA1
  
  153935397d81e3f398441ad7382284d2a15ed2e6
- SHA256
  
  2c93eddde0467abea46797a3f1df694c1f3f2b9ddd16cd60467fc00f08ad7ec7
- SHA512
  
  803589f0a0cc3c392c96fe5927eec2e7199adcc848f1f0b4dadd112cf2f567c49b035a4c71d31397b87e27b16850861fc587bcea57a6e69cdffbfec9a9f37fe9
- SSDEEP
  
  6144:QaOHuW0GgcRdBHMlU8LFhI8ZojU9Lu3fwpvj1iu2gAYwWhF6TEjvumnJw6lODNRF:QFufct8LFhbqq2Ogu2gAYh+gnJw6gr
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy