agenttesla | d320188e96ec3b90f0e333405a3b3cfbcbd203c0e5dbd9d7659dc3b73a1d651b | Triage

Submit
Reports

Overview

overview

Static

static

5

aa64d8ae63...31.exe

windows7-x64

aa64d8ae63...31.exe

windows10-2004-x64

Sharing

General

Target

076cf92f619d12f0d132979802bf5700.bin
Size

613KB
Sample

240327-bfhdhsbe5y
MD5

4c19fbec6addf7d11a38d489fef0041c
SHA1

f6240e34b6e09a10152e92c51f5d9136366ebc3f
SHA256

d320188e96ec3b90f0e333405a3b3cfbcbd203c0e5dbd9d7659dc3b73a1d651b
SHA512

58c6458a8b8d14aaaa367072d446396a29411deb03b05541e3ae6e1ad507e311dbf45a04d9c8f1c269b85a4af3ba3d62678a934ca3b5a1b66938be02e7ef81d8
SSDEEP

12288:ONoD/k7cJN3KrtoJ2aV+kOc5UH2VBCa8v8YpLk4z95zVsW9rnb:O2jUmN3KrtoxOc5U8/8v8IT9pVnb

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

aa64d8ae63a060c83638ad8a45e5a4e445a53845f4f22fe808f1828663629731.exe

Resource

win7-20240215-en

agenttesla keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

aa64d8ae63a060c83638ad8a45e5a4e445a53845f4f22fe808f1828663629731.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.elquijotebanquetes.com
Port:
21
Username:
[email protected]
Password:
-GN,s*KH{VEhPmo)+f

Targets

- Target
  
  aa64d8ae63a060c83638ad8a45e5a4e445a53845f4f22fe808f1828663629731.exe
- Size
  
  1.0MB
- MD5
  
  076cf92f619d12f0d132979802bf5700
- SHA1
  
  51dea616dfa3dbff0d40078046f227e8f2dea822
- SHA256
  
  aa64d8ae63a060c83638ad8a45e5a4e445a53845f4f22fe808f1828663629731
- SHA512
  
  1f757a824946de10c0660580c0164fe3cbc32911f4deb7937db1a15c6ddc2c0551ddec8e1ffcf429538d52ae241bf2252ef501daab06e5f3d0456f8203503387
- SSDEEP
  
  24576:XAHnh+eWsN3skA4RV1Hom2KXMmHaHt3WOhH15:Kh+ZkldoPK8YaHlWOZ
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy