agenttesla | 62af6b2f03773a1f7e3c92cfec408e2068adbd89d4e083ebe0ae90f8ed432c07 | Triage

Submit
Reports

Overview

overview

Static

static

3

0089789Nue...en.exe

windows7-x64

0089789Nue...en.exe

windows10-2004-x64

7

Sharing

General

Target

0089789Nuevo orden.exe
Size

849KB
Sample

231204-n6erjaah76
MD5

1177200ba703d00a87eb6114e68972c8
SHA1

98a40d14dc7d3962cc7aae7e98af7f8f8aa5ea2f
SHA256

62af6b2f03773a1f7e3c92cfec408e2068adbd89d4e083ebe0ae90f8ed432c07
SHA512

e53e16233458b2f2bd1fc2018143a32922a83df16a19a944988103d42871ef95063a8c5bd0a891bdc1a5fe1daf46b36209a0583c771e4bdfe6202e4fab0babc6
SSDEEP

24576:1WNiEg7cFdwi2uzqVQRUGN6GlwjtAfXbgypW:6yYgQRUGwGyjtA/9pW

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0089789Nuevo orden.exe

Resource

win7-20231020-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

0089789Nuevo orden.exe

Resource

win10v2004-20231130-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.siscop.com.co
Port:
21
Username:
[email protected]
Password:
+5s48Ia2&-(t

Targets

- Target
  
  0089789Nuevo orden.exe
- Size
  
  849KB
- MD5
  
  1177200ba703d00a87eb6114e68972c8
- SHA1
  
  98a40d14dc7d3962cc7aae7e98af7f8f8aa5ea2f
- SHA256
  
  62af6b2f03773a1f7e3c92cfec408e2068adbd89d4e083ebe0ae90f8ed432c07
- SHA512
  
  e53e16233458b2f2bd1fc2018143a32922a83df16a19a944988103d42871ef95063a8c5bd0a891bdc1a5fe1daf46b36209a0583c771e4bdfe6202e4fab0babc6
- SSDEEP
  
  24576:1WNiEg7cFdwi2uzqVQRUGN6GlwjtAfXbgypW:6yYgQRUGwGyjtA/9pW
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy