agenttesla | 0f8773b6ccffd8b5f6008c4902f01978eb1d11cab3823030dbbbbf9f03e4af5c | Triage

Submit
Reports

Overview

overview

Static

static

7

rorr99086.exe

windows7-x64

rorr99086.exe

windows10-2004-x64

Sharing

General

Target

0f8773b6ccffd8b5f6008c4902f01978eb1d11cab3823030dbbbbf9f03e4af5c
Size

621KB
Sample

240106-bf55ksdgeq
MD5

0a510bed34ddfb5f738b4c62bd9d7e16
SHA1

fa55c4eb9b281269b7fdf328b4bbc268b441f747
SHA256

0f8773b6ccffd8b5f6008c4902f01978eb1d11cab3823030dbbbbf9f03e4af5c
SHA512

b8acabf99be179cf3e9432399ae9bc9a693ba76f5909832f5b5257dd1c4a0233842c12a1fd273ea4171a34349f30063e675d566e20c8515bf922ff7aa8ed0a78
SSDEEP

12288:QQgq5rBxp2wMfxKIC/EB1Ylc+GMvDiZyfrP2/R29HamLxD:Bprp2weKIXHYlHAbSl

Score

10^/10

agenttesla keylogger spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

rorr99086.exe

Resource

win7-20231215-en

agenttesla keylogger spyware stealer trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

rorr99086.exe

Resource

win10v2004-20231215-en

agenttesla keylogger spyware stealer trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sturmsgroup.com
Port:
587
Username:
[email protected]
Password:
hs_B2R1px4ASsOhR
Email To:
[email protected]

Targets

- Target
  
  rorr99086.exe
- Size
  
  713KB
- MD5
  
  6a63848f4eae36089df5648b3c614720
- SHA1
  
  950a1ce5706984530e14d075831f09ccac52ff5e
- SHA256
  
  0bc70feb553bde362d94c650261f67ba9c56502ad04c838ff2d7c4fc49a45fb1
- SHA512
  
  ec3eb74f361415f067c624b033fae126f44946a9ed29aa9d5505ae24cef0faa846ce83f3ab58f1a9998ca3329dde987344064c671ac8b449aa5c9df1628a33f2
- SSDEEP
  
  12288:lsHzOUNUSB/o5LsI1uwajJ5yvv1l2CFM2wQMv7iZyzxP2hR29namdxK:ciUmSB/o5d1ubcvvM24YbkS
Score

10^/10

agenttesla keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojanupx

behavioral2

agentteslakeyloggerspywarestealertrojanupx

© 2018-2024

Terms | Privacy