agenttesla | d6d400c0847a1893dea669a1c8cfee475cafd9439bc50c694eaccbc04211a0e7 | Triage

Submit
Reports

Overview

overview

Static

static

1

Zamówieni...66.exe

windows7-x64

Zamówieni...66.exe

windows10-2004-x64

Sharing

General

Target

Zamówienie.ZD33166.exe
Size

698KB
Sample

231207-jgrycahhen
MD5

16d009c42496db59b33e6723f913d0c9
SHA1

bed0f6cf09e6bc16190e694d493f891732816e8d
SHA256

d6d400c0847a1893dea669a1c8cfee475cafd9439bc50c694eaccbc04211a0e7
SHA512

02853827c4d99c441c1daf2d22d0da23f42115e7da66396dc9794017322502aee37d2573acc9bf0c3ec300db6697b49ffd3568d1a8544c39973c613daa7f64e3
SSDEEP

12288:UwFGHEN1Sn2VNDyu0AP/0wGc/fMz3rzNI3ylgimtdYM3O0V7bby:U5HEN16kh01w3sZlgZtub0V7q

Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Zamówienie.ZD33166.exe

Resource

win7-20231129-en

agenttesla guloader downloader keylogger spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Zamówienie.ZD33166.exe

Resource

win10v2004-20231130-en

agenttesla guloader downloader keylogger spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.omamontaggi.it
Port:
21
Username:
[email protected]
Password:
pass@A12345@

Targets

- Target
  
  Zamówienie.ZD33166.exe
- Size
  
  698KB
- MD5
  
  16d009c42496db59b33e6723f913d0c9
- SHA1
  
  bed0f6cf09e6bc16190e694d493f891732816e8d
- SHA256
  
  d6d400c0847a1893dea669a1c8cfee475cafd9439bc50c694eaccbc04211a0e7
- SHA512
  
  02853827c4d99c441c1daf2d22d0da23f42115e7da66396dc9794017322502aee37d2573acc9bf0c3ec300db6697b49ffd3568d1a8544c39973c613daa7f64e3
- SSDEEP
  
  12288:UwFGHEN1Sn2VNDyu0AP/0wGc/fMz3rzNI3ylgimtdYM3O0V7bby:U5HEN16kh01w3sZlgZtub0V7q
Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

behavioral2

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy