agenttesla | cfcaa86b82ccc8a8f2ba738e1411862316c945de73d22ccc72bbce99b8aa192c | Triage

Submit
Reports

Overview

overview

Static

static

3

ccc.exe

windows7-x64

ccc.exe

windows10-2004-x64

Sharing

General

Target

BL copy.zip
Size

690KB
Sample

231205-j2mt5aaa3w
MD5

18eb11b7d5bcd114e1f4232322148107
SHA1

74368632616c09542a2d9d52576d649a5006ef45
SHA256

cfcaa86b82ccc8a8f2ba738e1411862316c945de73d22ccc72bbce99b8aa192c
SHA512

6945a2595e544582b67f6f9d188ef1c0ddec1ba10eb3a6eedbcb2ec1ef4d23c863fa2802e434a447b79f28ac0fc3a2627d0952a6c59ce7774d532879e6106f52
SSDEEP

12288:pGA9i03rrTNY/NfSLGyj30kNUjJ88976Mc1+w5WNc1pHJ1hbsYPq:pM03rPNFLGkNmC899frNoppbi

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ccc.exe

Resource

win7-20231201-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ccc.exe

Resource

win10v2004-20231130-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.acestar.com.ph
Port:
587
Username:
[email protected]
Password:
cssubic@12345
Email To:
[email protected]

Targets

- Target
  
  ccc.exe
- Size
  
  800KB
- MD5
  
  356dc248b383e7fcb2af3b499522ec55
- SHA1
  
  9853c898464b54803e4774ecb6d6e5f8f74c59eb
- SHA256
  
  7f5c8c23a60ac9447e6c8b2ed0ee40b1cdde28e95ace22c15dac79ae7ac6da0d
- SHA512
  
  8a417ffba7103c979842f5c539b9e942272dd73899bcd8bb5456a328848d1beab19f72761ebbeb404dafbd625b324ee8b94ab81762b8b1466bf46e4ff6ca9d74
- SSDEEP
  
  12288:GxdKE6jD/62iNG5nF8fTLGOj30sN8vJ8S976Yc1Cp9gpwu1VWO36NLzXIfmnBGY:GzKtD/61ISTL0sNkCS9D/Y71VUTMm
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy