agenttesla | 2688511cebff014631fbf81c7dc6935268692a73caaa3dc7b0ff13639eb46106 | Triage

Submit
Reports

Overview

overview

Static

static

3

ccc.exe

windows7-x64

ccc.exe

windows10-2004-x64

Sharing

General

Target

06122023_1508_05122023_SHIPMENT DOC.r10
Size

686KB
Sample

231206-hx9bwscd53
MD5

84700bb79e9e57bbb123cbe7fb07617a
SHA1

40b7b26c4b8373263caafe09cb96f715b64dcde4
SHA256

2688511cebff014631fbf81c7dc6935268692a73caaa3dc7b0ff13639eb46106
SHA512

5230a0ca55d082a529bde4c7a2e4d687cab8906eb719e893eb54f6162d45ed0a9579d288e649557fa51a989cc18d583a25d82b98d88fc93d2cf24258af8c4df5
SSDEEP

12288:7aew5JSFYpBxqY4fcWF0ynmTG6lXZiNtW5WMXh5JLGZbSKgH1B4IYXXKFaQ:7SpCY4fcWmynqlJj5z5JLGwKg74IYHKx

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ccc.exe

Resource

win7-20231020-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ccc.exe

Resource

win10v2004-20231130-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.acestar.com.ph
Port:
587
Username:
[email protected]
Password:
cssubic@12345
Email To:
[email protected]

Targets

- Target
  
  ccc.exe
- Size
  
  800KB
- MD5
  
  356dc248b383e7fcb2af3b499522ec55
- SHA1
  
  9853c898464b54803e4774ecb6d6e5f8f74c59eb
- SHA256
  
  7f5c8c23a60ac9447e6c8b2ed0ee40b1cdde28e95ace22c15dac79ae7ac6da0d
- SHA512
  
  8a417ffba7103c979842f5c539b9e942272dd73899bcd8bb5456a328848d1beab19f72761ebbeb404dafbd625b324ee8b94ab81762b8b1466bf46e4ff6ca9d74
- SSDEEP
  
  12288:GxdKE6jD/62iNG5nF8fTLGOj30sN8vJ8S976Yc1Cp9gpwu1VWO36NLzXIfmnBGY:GzKtD/61ISTL0sNkCS9D/Y71VUTMm
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy