agenttesla | 682ba3a6762b523beb3d792fc8c52c44adda0f70033149204c1a0bbc717351b5 | Triage

Submit
Reports

Overview

overview

Static

static

7

Para Trans...29.exe

windows7-x64

Para Trans...29.exe

windows10-2004-x64

Sharing

General

Target

Para Transferi Bilgilendirmesi-Dekont20230329.7z
Size

243KB
Sample

230329-vex75ahb57
MD5

2706fc1ef92c9806dc34ce76edef3e2f
SHA1

c7d04f942d0bd4f2c06bc9b94ed9bde2fd8df00c
SHA256

682ba3a6762b523beb3d792fc8c52c44adda0f70033149204c1a0bbc717351b5
SHA512

7534ad5228790627397aa3df43a71bc068b8796f243634ce0d5631043c06701a46487b5b61b928c89e208deec4d7c91691fb58f58f9e280b996598b55643acd6
SSDEEP

6144:HrHoxCAihOD1vk/DprqaZZEZrUzo8/BLcMfsseN/1:LHvfYCpMZYo8/hcMQh1

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Para Transferi Bilgilendirmesi-Dekont20230329.exe

Resource

win7-20230220-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Para Transferi Bilgilendirmesi-Dekont20230329.exe

Resource

win10v2004-20230220-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6120421924:AAHfDg3lTzDUW4O1CSc9eyT6zf8UpaOZqyY/

Targets

- Target
  
  Para Transferi Bilgilendirmesi-Dekont20230329.exe
- Size
  
  445KB
- MD5
  
  26c10e8edfe247965c0694415372ed0b
- SHA1
  
  d07b6634339e0078362acd09ca06dc3d5c4e6be1
- SHA256
  
  9e3890049c1d7270fe38d2b545a4923b8933d271f9f10d316a7c228e2b931250
- SHA512
  
  4a9b7bd5f980084a1b8c9fac7d723c36abe1042292487fd3485cfdbcbce72cf8f3f9bac380ad45c30d328f89b58ab90e7ba647b7cc27856814ea64a9dd58ad41
- SSDEEP
  
  6144:qBJoejY8WjxzbAvjvElb8xRNCOWshLXyD9TBwSp8oiMf5F2c0mtZ/BHZnmVnI:q7obSr8iGSLXyDxBwSu2v9tZ/9ZmVnI
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy