agenttesla | f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1 | Triage

Submit
Reports

Overview

overview

Static

static

1

f0a27618b5...1.xlam

windows7-x64

f0a27618b5...1.xlam

windows10-2004-x64

1

Sharing

General

Target

f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1.xlsx
Size

688KB
Sample

240327-c9m2jaba57
MD5

dd2f4303249786c6fa25e9b16664f1ec
SHA1

9fd8215c6da713423874bf29cd66dc87429176a7
SHA256

f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1
SHA512

462ab897b86af39973fdc8db736d4079032c1596538bc0000c69e4d869f896e2f54d7ecf308f5654da5791bccc6002184f38c32807a1605e1a60390c7ba026b1
SSDEEP

12288:DdtGeA+wXto4IFqqAzAsOppH5RZ6DF83ND8hc/ejS7j44RhTBkP:DdtGewXto4IZAzKTjZ6DFkNgc/gS7j5c

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1.xlam

Resource

win7-20240221-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1.xlam

Resource

win10v2004-20240226-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.worlorderbillions.top
Port:
587
Username:
[email protected]
Password:
rwe87$%21q
Email To:
[email protected]

Targets

- Target
  
  f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1.xlsx
- Size
  
  688KB
- MD5
  
  dd2f4303249786c6fa25e9b16664f1ec
- SHA1
  
  9fd8215c6da713423874bf29cd66dc87429176a7
- SHA256
  
  f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1
- SHA512
  
  462ab897b86af39973fdc8db736d4079032c1596538bc0000c69e4d869f896e2f54d7ecf308f5654da5791bccc6002184f38c32807a1605e1a60390c7ba026b1
- SSDEEP
  
  12288:DdtGeA+wXto4IFqqAzAsOppH5RZ6DF83ND8hc/ejS7j44RhTBkP:DdtGewXto4IZAzKTjZ6DFkNgc/gS7j5c
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy