agenttesla | 9dbb9909612a626ab5332bad9e1b944d925193d70796eb7fc2651373e6c178f8 | Triage

Submit
Reports

Overview

overview

Static

static

3

9dbb990961...f8.exe

windows7-x64

9dbb990961...f8.exe

windows10-2004-x64

Sharing

General

Target

9dbb9909612a626ab5332bad9e1b944d925193d70796eb7fc2651373e6c178f8
Size

748KB
Sample

231213-crhzvsegak
MD5

ef850c07c2d8e95e2fea98d6ff2177f2
SHA1

366b374dc3166ff678bfc9c665282f3a50eaf1c2
SHA256

9dbb9909612a626ab5332bad9e1b944d925193d70796eb7fc2651373e6c178f8
SHA512

d04dcec60688ea2d12e75850674915d28eefe98325fd35b587b001aa07ad9f858681adc27c7fc690eacf724df4fc2d05a6f57c90f17e075d30bc2d39f09d505c
SSDEEP

12288:T05yw54Jk+lK6zsd5gP8OvRPC6bSUUyJkqvZG05oCiM1dtOQq4OdKyWXG84h:wyYefJ25BOvdC6WUbJTjtzVOdK4vh

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9dbb9909612a626ab5332bad9e1b944d925193d70796eb7fc2651373e6c178f8.exe

Resource

win7-20231025-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

9dbb9909612a626ab5332bad9e1b944d925193d70796eb7fc2651373e6c178f8.exe

Resource

win10v2004-20231127-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sysnetglobal.com
Port:
587
Username:
[email protected]
Password:
Vrsk@131202
Email To:
[email protected]

Targets

- Target
  
  9dbb9909612a626ab5332bad9e1b944d925193d70796eb7fc2651373e6c178f8
- Size
  
  748KB
- MD5
  
  ef850c07c2d8e95e2fea98d6ff2177f2
- SHA1
  
  366b374dc3166ff678bfc9c665282f3a50eaf1c2
- SHA256
  
  9dbb9909612a626ab5332bad9e1b944d925193d70796eb7fc2651373e6c178f8
- SHA512
  
  d04dcec60688ea2d12e75850674915d28eefe98325fd35b587b001aa07ad9f858681adc27c7fc690eacf724df4fc2d05a6f57c90f17e075d30bc2d39f09d505c
- SSDEEP
  
  12288:T05yw54Jk+lK6zsd5gP8OvRPC6bSUUyJkqvZG05oCiM1dtOQq4OdKyWXG84h:wyYefJ25BOvdC6WUbJTjtzVOdK4vh
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy