agenttesla | 7dd4b6a2d1e23618f6eed134f4439475621e267a5afc5e2e12a194614a08f0d8 | Triage

Submit
Reports

Overview

overview

Static

static

1

7dd4b6a2d1...d8.rtf

windows7-x64

7dd4b6a2d1...d8.rtf

windows10-2004-x64

1

Sharing

General

Target

7dd4b6a2d1e23618f6eed134f4439475621e267a5afc5e2e12a194614a08f0d8
Size

1.1MB
Sample

240327-b4c4pshd77
MD5

b108f66a7dcac2f3e25394d3b720cb25
SHA1

07c57cb804aa69f303133a936dee48eb616f4683
SHA256

7dd4b6a2d1e23618f6eed134f4439475621e267a5afc5e2e12a194614a08f0d8
SHA512

d31c422afe44cbd23032c55ad5c5402bc2368bc1b366ef04b42218cccce217d7c082f8ef9a1c4cfa4ceb1aba807b5d54bdc7c4ddeb03a128b105cac8ff35d473
SSDEEP

24576:FZw+vVHcyqWzxhtuFf6N9ddeUavUJsErp/HIi93aGdsuoSn5Fa:Q

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

7dd4b6a2d1e23618f6eed134f4439475621e267a5afc5e2e12a194614a08f0d8.rtf

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

7dd4b6a2d1e23618f6eed134f4439475621e267a5afc5e2e12a194614a08f0d8.rtf

Resource

win10v2004-20240226-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.gosportz.in
Port:
587
Username:
[email protected]
Password:
Ss@gosportz
Email To:
[email protected]

Targets

- Target
  
  7dd4b6a2d1e23618f6eed134f4439475621e267a5afc5e2e12a194614a08f0d8
- Size
  
  1.1MB
- MD5
  
  b108f66a7dcac2f3e25394d3b720cb25
- SHA1
  
  07c57cb804aa69f303133a936dee48eb616f4683
- SHA256
  
  7dd4b6a2d1e23618f6eed134f4439475621e267a5afc5e2e12a194614a08f0d8
- SHA512
  
  d31c422afe44cbd23032c55ad5c5402bc2368bc1b366ef04b42218cccce217d7c082f8ef9a1c4cfa4ceb1aba807b5d54bdc7c4ddeb03a128b105cac8ff35d473
- SSDEEP
  
  24576:FZw+vVHcyqWzxhtuFf6N9ddeUavUJsErp/HIi93aGdsuoSn5Fa:Q
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy