agenttesla | fc9358b07f539d49b035be443bbce78091d30bc4012a220886cc8156be7854f0 | Triage

Submit
Reports

Overview

overview

Static

static

1

fc9358b07f...f0.rtf

windows7-x64

fc9358b07f...f0.rtf

windows10-2004-x64

1

Sharing

General

Target

fc9358b07f539d49b035be443bbce78091d30bc4012a220886cc8156be7854f0
Size

66KB
Sample

240224-bj6khsec9x
MD5

6acd8bd21ffe473520fe45648b23862b
SHA1

3cb79f909f5e3d9b1f0206e5c7df25ab5d5dab0e
SHA256

fc9358b07f539d49b035be443bbce78091d30bc4012a220886cc8156be7854f0
SHA512

9d60acdfcd5ca23a10614786f8b6931511e1ecc3413110a7abec26d8737df14d900f9c2dd1eab3ffb11803895f0dca22817b577cc0b29462126f06d412a636a1
SSDEEP

1536:NKCaw9aiSE6jpewSFiqg4VSLMnhPUp3cH9M:JzASiwVSLMnhMps6

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

fc9358b07f539d49b035be443bbce78091d30bc4012a220886cc8156be7854f0.rtf

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc9358b07f539d49b035be443bbce78091d30bc4012a220886cc8156be7854f0.rtf

Resource

win10v2004-20240221-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.elquijotebanquetes.com
Port:
21
Username:
[email protected]
Password:
4r@d15PS!-!h

Targets

- Target
  
  fc9358b07f539d49b035be443bbce78091d30bc4012a220886cc8156be7854f0
- Size
  
  66KB
- MD5
  
  6acd8bd21ffe473520fe45648b23862b
- SHA1
  
  3cb79f909f5e3d9b1f0206e5c7df25ab5d5dab0e
- SHA256
  
  fc9358b07f539d49b035be443bbce78091d30bc4012a220886cc8156be7854f0
- SHA512
  
  9d60acdfcd5ca23a10614786f8b6931511e1ecc3413110a7abec26d8737df14d900f9c2dd1eab3ffb11803895f0dca22817b577cc0b29462126f06d412a636a1
- SSDEEP
  
  1536:NKCaw9aiSE6jpewSFiqg4VSLMnhPUp3cH9M:JzASiwVSLMnhMps6
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy