agenttesla | f6a0c9c4c8afebbbb42f3e24874ed1c67f064464e9e636bfeffd02150f055642 | Triage

Submit
Reports

Overview

overview

Static

static

1

f0a27618b5...1.xlam

windows7-x64

f0a27618b5...1.xlam

windows10-2004-x64

1

Sharing

General

Target

f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1.zip
Size

687KB
Sample

240327-bjlkcagf57
MD5

84a794f945d50fe600f910d93b6597a7
SHA1

8985ca07dd1bbbd970e834a80f066fc53eefe410
SHA256

f6a0c9c4c8afebbbb42f3e24874ed1c67f064464e9e636bfeffd02150f055642
SHA512

a3c2f114af9f7f3b52ed5b6bc63bbc3124d36a07edbead8ceaf0300660cebdd08e068698983f25d69cf8ade227974a02acf5f37d37dc70a3d656cfd68a24a9d6
SSDEEP

12288:2JlASURYDS4JQfNnhlvZVQ9K8iMZH4A/URAODmyV+Hc5P5eE9RfZ2:Ol2G/JQfNnh1Dmx/xURAODj+HeP5e0K

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1.xlam

Resource

win7-20240221-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

22 signatures

30 seconds

Behavioral task

behavioral2

Sample

f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1.xlam

Resource

win10v2004-20240226-en

windows10-2004-x64

8 signatures

30 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.worlorderbillions.top
Port:
587
Username:
[email protected]
Password:
rwe87$%21q
Email To:
[email protected]

Targets

- Target
  
  f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1.xlsx
- Size
  
  688KB
- MD5
  
  dd2f4303249786c6fa25e9b16664f1ec
- SHA1
  
  9fd8215c6da713423874bf29cd66dc87429176a7
- SHA256
  
  f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1
- SHA512
  
  462ab897b86af39973fdc8db736d4079032c1596538bc0000c69e4d869f896e2f54d7ecf308f5654da5791bccc6002184f38c32807a1605e1a60390c7ba026b1
- SSDEEP
  
  12288:DdtGeA+wXto4IFqqAzAsOppH5RZ6DF83ND8hc/ejS7j44RhTBkP:DdtGewXto4IZAzKTjZ6DFkNgc/gS7j5c
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy