agenttesla | 1507118f528232defccaa4b670e7e72fbcf1a97e272114425517b49133cf8ee7 | Triage

Submit
Reports

Overview

overview

Static

static

1

united+sci...nt.zip

windows7-x64

1

united sci...nt.exe

windows7-x64

Sharing

General

Target

united+scientific+equipent.zip
Size

577KB
Sample

230315-e8epwabe47
MD5

c942c21bcd6dbebdbe2ea20d19b1fbc7
SHA1

79ec41591a47a34a8ab123b217533673d17ebc0d
SHA256

1507118f528232defccaa4b670e7e72fbcf1a97e272114425517b49133cf8ee7
SHA512

2e4ed826ca26d6fb1080ac5da78d1fc90a4b5039643d1475aa72f9083163f83d02f3dd836b546d9aa1740df5d62995861f0e671ea7b130daa40dcc15224ebafe
SSDEEP

12288:z+beeYnIsTZTrlbCcllLRr7VyNYQChdcKHOysMaqsI142oxyX+UrDh15:zU0IuZTrtHFKNsdP51zcxybZ15

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

united+scientific+equipent.zip

Resource

win7-20230220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

united scientific equipent.exe

Resource

win7-20230220-en

agenttesla keylogger spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.cybernetics.co.za
Port:
587
Username:
[email protected]
Password:
P@ssw0rd

Targets

- Target
  
  united+scientific+equipent.zip
- Size
  
  577KB
- MD5
  
  c942c21bcd6dbebdbe2ea20d19b1fbc7
- SHA1
  
  79ec41591a47a34a8ab123b217533673d17ebc0d
- SHA256
  
  1507118f528232defccaa4b670e7e72fbcf1a97e272114425517b49133cf8ee7
- SHA512
  
  2e4ed826ca26d6fb1080ac5da78d1fc90a4b5039643d1475aa72f9083163f83d02f3dd836b546d9aa1740df5d62995861f0e671ea7b130daa40dcc15224ebafe
- SSDEEP
  
  12288:z+beeYnIsTZTrlbCcllLRr7VyNYQChdcKHOysMaqsI142oxyX+UrDh15:zU0IuZTrtHFKNsdP51zcxybZ15
Score

1^/10
behavioral1
- Target
  
  united scientific equipent.exe
- Size
  
  710KB
- MD5
  
  71536be72d8cc9dc156f1ff70b7f69a5
- SHA1
  
  ff0bb0d7e4dfa01c187c80d2e42d85feb22d98b9
- SHA256
  
  9909753bfb0ac8ab165bab3555233d03b01a9274a92e57c022f87ccbe51ca415
- SHA512
  
  9a98d57116a638e4ec0df224c243a074de233bf1859ea6a5efbf0d4d36ef470a9421d535e2d35371c1191d72f09aa0352ba9d147dae62ef6e4fc5c0650df07c9
- SSDEEP
  
  12288:v1XZi970Oz6hGy69oswvYeMW5+uCwpla6Mqbjvkgb3I9S0dbp5Ne:dXZ7DnY/WcuCd1qbjvkWI9S0Fp5Ne
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy