agenttesla | c7b54fdfe758bc9efc5a2f6d97926f20d01f1c85aeb2be3156d56b3a7ea83bac | Triage

Submit
Reports

Overview

overview

Static

static

3

c7b54fdfe7...ac.exe

windows7-x64

c7b54fdfe7...ac.exe

windows10-2004-x64

Sharing

General

Target

c7b54fdfe758bc9efc5a2f6d97926f20d01f1c85aeb2be3156d56b3a7ea83bac
Size

933KB
Sample

231205-vcbaksda99
MD5

e4f8b6eee6be5f9102ee21d572dc0834
SHA1

3b00998371ee7c84e20bcbfd543ec45a8588d55f
SHA256

c7b54fdfe758bc9efc5a2f6d97926f20d01f1c85aeb2be3156d56b3a7ea83bac
SHA512

3cec5ce85e4632ceaa2d3ab472ca143f4beb4f42c46ab1709b0ebc5ba043bce2946fda41300faa1f3445d9665d28e1f4f7fdabed3a85ca0c5bd83da0a8d21e1c
SSDEEP

12288:XdIcNJum2wDuyWZRO/GsxTz5llc3YyhFtbYcZ1peAXV8ApP7r9r/+ppppppppppR:XPNJum2wCyWZ0O+TH23DhscZ1pjp1q

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c7b54fdfe758bc9efc5a2f6d97926f20d01f1c85aeb2be3156d56b3a7ea83bac.exe

Resource

win7-20231023-en

agenttesla keylogger spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

c7b54fdfe758bc9efc5a2f6d97926f20d01f1c85aeb2be3156d56b3a7ea83bac.exe

Resource

win10v2004-20231127-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6471053992:AAFUlrUxhi5Jrpjikoc-P4r9ZbsXV_T9vj8/

Targets

- Target
  
  c7b54fdfe758bc9efc5a2f6d97926f20d01f1c85aeb2be3156d56b3a7ea83bac
- Size
  
  933KB
- MD5
  
  e4f8b6eee6be5f9102ee21d572dc0834
- SHA1
  
  3b00998371ee7c84e20bcbfd543ec45a8588d55f
- SHA256
  
  c7b54fdfe758bc9efc5a2f6d97926f20d01f1c85aeb2be3156d56b3a7ea83bac
- SHA512
  
  3cec5ce85e4632ceaa2d3ab472ca143f4beb4f42c46ab1709b0ebc5ba043bce2946fda41300faa1f3445d9665d28e1f4f7fdabed3a85ca0c5bd83da0a8d21e1c
- SSDEEP
  
  12288:XdIcNJum2wDuyWZRO/GsxTz5llc3YyhFtbYcZ1peAXV8ApP7r9r/+ppppppppppR:XPNJum2wCyWZ0O+TH23DhscZ1pjp1q
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy