agenttesla | 5caa8572425248f5dad8a265a2131eb5a6e72360cd9a489a21d9c8f6e37fc654 | Triage

Submit
Reports

Overview

overview

Static

static

3

5caa857242...54.exe

windows7-x64

5caa857242...54.exe

windows10-2004-x64

Sharing

General

Target

5caa8572425248f5dad8a265a2131eb5a6e72360cd9a489a21d9c8f6e37fc654
Size

806KB
Sample

231206-c57v5sad74
MD5

bc8d05282f5391242f19219dc1e5bf4e
SHA1

afcfb05fd2e809bb5e120297619e2e7a36797398
SHA256

5caa8572425248f5dad8a265a2131eb5a6e72360cd9a489a21d9c8f6e37fc654
SHA512

652556e8ec1533b324f7c2260aff7ebf61b8468a911093e083adf261f894201f387200aaa3847964d1bdba2802039da2d1ad5440e4d4453b188af52034a0d2ee
SSDEEP

12288:+tKE6jD/62iNG5nF8ybpfSC4Z4nJgg6wJFNtduLfWiLQi+5RjNGDh2kN0oZJ:+tKtD/61IGZ4nJy8NtsfWivkadRJ

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5caa8572425248f5dad8a265a2131eb5a6e72360cd9a489a21d9c8f6e37fc654.exe

Resource

win7-20231023-en

agenttesla keylogger spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

5caa8572425248f5dad8a265a2131eb5a6e72360cd9a489a21d9c8f6e37fc654.exe

Resource

win10v2004-20231127-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6471053992:AAFUlrUxhi5Jrpjikoc-P4r9ZbsXV_T9vj8/

Targets

- Target
  
  5caa8572425248f5dad8a265a2131eb5a6e72360cd9a489a21d9c8f6e37fc654
- Size
  
  806KB
- MD5
  
  bc8d05282f5391242f19219dc1e5bf4e
- SHA1
  
  afcfb05fd2e809bb5e120297619e2e7a36797398
- SHA256
  
  5caa8572425248f5dad8a265a2131eb5a6e72360cd9a489a21d9c8f6e37fc654
- SHA512
  
  652556e8ec1533b324f7c2260aff7ebf61b8468a911093e083adf261f894201f387200aaa3847964d1bdba2802039da2d1ad5440e4d4453b188af52034a0d2ee
- SSDEEP
  
  12288:+tKE6jD/62iNG5nF8ybpfSC4Z4nJgg6wJFNtduLfWiLQi+5RjNGDh2kN0oZJ:+tKtD/61IGZ4nJy8NtsfWivkadRJ
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy