agenttesla | 2bd9d64f0a291f17f1db4d10df0ac690508912e2720fadf24e7b33d11ffef781 | Triage

Submit
Reports

Overview

overview

Static

static

3

R7275-12112023.exe

windows7-x64

1

R7275-12112023.exe

windows10-2004-x64

Sharing

General

Target

2BD9D64F0A291F17F1DB4D10DF0AC690508912E2720FADF24E7B33D11FFEF781
Size

807KB
Sample

231206-epynmsbb27
MD5

f3e5f3fb41efb48631fa8e489e577376
SHA1

f41d3f093d035645d6a56cf684c6458c14d7bbbe
SHA256

2bd9d64f0a291f17f1db4d10df0ac690508912e2720fadf24e7b33d11ffef781
SHA512

f799f4c771b43c9ae0a2bb8e923acc35e32c5189c946ed312fc4029cd1ec84adeafe592750d964d408fdc7d25be0e7a9ae10198d054858ae9468bb0d734397d4
SSDEEP

12288:RzZCBBW0iMbWtgXTqgIlF2Oyw41MzPlIBTxealH6hPCayOiWQXHCba9rDEwYURV:REXW0i9WTDIlOwBEMuICZO43vBKG

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

R7275-12112023.exe

Resource

win7-20231020-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

R7275-12112023.exe

Resource

win10v2004-20231201-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.printforyou.pl
Port:
587
Username:
[email protected]
Password:
Maciekmaciek2016!@@
Email To:
[email protected]

Targets

- Target
  
  R7275-12112023.exe
- Size
  
  1.1MB
- MD5
  
  cbdcf99f5255ed189e1135067b2e64e0
- SHA1
  
  fb18f5f1a346db21f062d8b88893bc428fc472e7
- SHA256
  
  1d7b401ea7bf4f36433e63335d35807a419d1c1fc2c3f1ef1702898713e11757
- SHA512
  
  691c25339317be4e73df957dd859c5904607ae5dae3cbc5a702705fe924944c83e4433b61d77d2c1708c2f253b33276706a992b848620ece0b2bd5d31476d90c
- SSDEEP
  
  24576:rclEznOqRtyOuiNRh5XYaNjetr6XgE+qlHb8f9K:UEznOaNRh5XYaNjet2XpFJ8fk
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy