agenttesla | b54b581b34dc387949ed8c6502bfe4a435aa17288cd4a5563339e7966a51c7eb | Triage

Submit
Reports

Overview

overview

Static

static

1

b54b581b34...eb.xls

windows7-x64

b54b581b34...eb.xls

windows10-2004-x64

1

Sharing

General

Target

b54b581b34dc387949ed8c6502bfe4a435aa17288cd4a5563339e7966a51c7eb
Size

49KB
Sample

240327-bjlv4sbf31
MD5

9b4517dc8875fab1adea22996481d64e
SHA1

6c548121d56a13cca9785aa0044a1d4e411c3a96
SHA256

b54b581b34dc387949ed8c6502bfe4a435aa17288cd4a5563339e7966a51c7eb
SHA512

355678b9814f83004d92a014f32b6b7d2367c70447425f7a81fa622a06d661a28e1bc6679e7e0d0310aafdfe042083a526f6e31b76be8cf249acf302471d5af0
SSDEEP

768:uXyBP06LlsmK0+eq1EYR6B1iVE5VYKL6:uX686KmK0+eq141iVE5aKL

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

b54b581b34dc387949ed8c6502bfe4a435aa17288cd4a5563339e7966a51c7eb.xls

Resource

win7-20240220-en

agenttesla keylogger spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

b54b581b34dc387949ed8c6502bfe4a435aa17288cd4a5563339e7966a51c7eb.xls

Resource

win10v2004-20240226-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.elquijotebanquetes.com
Port:
21
Username:
[email protected]
Password:
4r@d15PS!-!h

Targets

- Target
  
  b54b581b34dc387949ed8c6502bfe4a435aa17288cd4a5563339e7966a51c7eb
- Size
  
  49KB
- MD5
  
  9b4517dc8875fab1adea22996481d64e
- SHA1
  
  6c548121d56a13cca9785aa0044a1d4e411c3a96
- SHA256
  
  b54b581b34dc387949ed8c6502bfe4a435aa17288cd4a5563339e7966a51c7eb
- SHA512
  
  355678b9814f83004d92a014f32b6b7d2367c70447425f7a81fa622a06d661a28e1bc6679e7e0d0310aafdfe042083a526f6e31b76be8cf249acf302471d5af0
- SSDEEP
  
  768:uXyBP06LlsmK0+eq1EYR6B1iVE5VYKL6:uX686KmK0+eq141iVE5aKL
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Abuses OpenXML format to download file from external location
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy