agenttesla | 2b370d79df7c09342bb6fb8ad073474533310274a011593e4f40d6e7297b43fe | Triage

Submit
Reports

Overview

overview

Static

static

1

2b370d79df...fe.exe

windows7-x64

2b370d79df...fe.exe

windows10-2004-x64

Sharing

General

Target

2b370d79df7c09342bb6fb8ad073474533310274a011593e4f40d6e7297b43fe.exe
Size

514KB
Sample

231206-vssvkaff9z
MD5

11d897c228ac0e871e95d7ef0985504d
SHA1

4c73e879cc0f50fa0e07b60349e0ac3bfa53d2c1
SHA256

2b370d79df7c09342bb6fb8ad073474533310274a011593e4f40d6e7297b43fe
SHA512

03a23421f6b8871f279d1847278657baf190ed7fc881edad823ad93f4c2c26672a391aac786684ef64bfcf34d3742ba4d90bc87c49170de41996897fd75350db
SSDEEP

12288:Mbip2zW1/ykRVcJ5/N2r8lM9E9gE4UqlT8ICRhv1PNA9uLqSHhA4BL:MbiIzW1/zVGsX6SpZGv11A9hiBL

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

2b370d79df7c09342bb6fb8ad073474533310274a011593e4f40d6e7297b43fe.exe

Resource

win7-20231025-en

agenttesla keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2b370d79df7c09342bb6fb8ad073474533310274a011593e4f40d6e7297b43fe.exe

Resource

win10v2004-20231130-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.mcmprint.net
Port:
21
Username:
[email protected]
Password:
pK@7[r0Y?XFT

Targets

- Target
  
  2b370d79df7c09342bb6fb8ad073474533310274a011593e4f40d6e7297b43fe.exe
- Size
  
  514KB
- MD5
  
  11d897c228ac0e871e95d7ef0985504d
- SHA1
  
  4c73e879cc0f50fa0e07b60349e0ac3bfa53d2c1
- SHA256
  
  2b370d79df7c09342bb6fb8ad073474533310274a011593e4f40d6e7297b43fe
- SHA512
  
  03a23421f6b8871f279d1847278657baf190ed7fc881edad823ad93f4c2c26672a391aac786684ef64bfcf34d3742ba4d90bc87c49170de41996897fd75350db
- SSDEEP
  
  12288:Mbip2zW1/ykRVcJ5/N2r8lM9E9gE4UqlT8ICRhv1PNA9uLqSHhA4BL:MbiIzW1/zVGsX6SpZGv11A9hiBL
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy