agenttesla | 844d1e148e8c3b897bb0443f74b1bde3da7715e2aeb88d31c8c806da7e447b41 | Triage

Submit
Reports

Overview

overview

Static

static

1

844d1e148e...41.exe

windows7-x64

844d1e148e...41.exe

windows10-2004-x64

Sharing

General

Target

844d1e148e8c3b897bb0443f74b1bde3da7715e2aeb88d31c8c806da7e447b41
Size

699KB
Sample

231208-cq8twsaa4y
MD5

9444e71802e12684478363233fd62c92
SHA1

f2b4bd9162b591b2a2f4202934145864e16053fb
SHA256

844d1e148e8c3b897bb0443f74b1bde3da7715e2aeb88d31c8c806da7e447b41
SHA512

fec573d2b453086f2ed0b8b11824e4626fb3712134a707f100b9b2704c489fffc1259646979b0c7ebeb032421163b35beed13d2772ac02a7dd08bf7723821805
SSDEEP

12288:WwFGHEXEzFGj9F5qx5DJlm2HlzYmdMylgimtdYM3O0V7bbJ:W5HEXl9y1lrz7lgZtub0V7B

Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

844d1e148e8c3b897bb0443f74b1bde3da7715e2aeb88d31c8c806da7e447b41.exe

Resource

win7-20231129-en

agenttesla guloader downloader keylogger spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

844d1e148e8c3b897bb0443f74b1bde3da7715e2aeb88d31c8c806da7e447b41.exe

Resource

win10v2004-20231127-en

agenttesla guloader downloader keylogger spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.vvspijkenisse.nl
Port:
21
Username:
[email protected]
Password:
playingboyz231

Targets

- Target
  
  844d1e148e8c3b897bb0443f74b1bde3da7715e2aeb88d31c8c806da7e447b41
- Size
  
  699KB
- MD5
  
  9444e71802e12684478363233fd62c92
- SHA1
  
  f2b4bd9162b591b2a2f4202934145864e16053fb
- SHA256
  
  844d1e148e8c3b897bb0443f74b1bde3da7715e2aeb88d31c8c806da7e447b41
- SHA512
  
  fec573d2b453086f2ed0b8b11824e4626fb3712134a707f100b9b2704c489fffc1259646979b0c7ebeb032421163b35beed13d2772ac02a7dd08bf7723821805
- SSDEEP
  
  12288:WwFGHEXEzFGj9F5qx5DJlm2HlzYmdMylgimtdYM3O0V7bbJ:W5HEXl9y1lrz7lgZtub0V7B
Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

behavioral2

agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy