agenttesla | 100e97794ac2d4cbc658886683b4f57cb10974b80326cb79d6c6819839980392 | Triage

Submit
Reports

Overview

overview

Static

static

1

Standard C...06.bat

windows7-x64

1

Standard C...06.bat

windows10-2004-x64

Sharing

General

Target

100e97794ac2d4cbc658886683b4f57cb10974b80326cb79d6c6819839980392
Size

1.2MB
Sample

240328-b26cgacf9y
MD5

c5280d389ac777b0450ed1da174ef722
SHA1

46a4435c3eb2afe08203ac6181a827d5b6c6a5fe
SHA256

100e97794ac2d4cbc658886683b4f57cb10974b80326cb79d6c6819839980392
SHA512

acb8ffa4d0904ec1f73c473313f4437d670d39eae92fa2e403c1fe37e4f06ed259af39328b3a8609553c89d554e750ce86e429d1bb72580a75b4f1765932e35a
SSDEEP

3072:iW/4wIRm6CsFo1CH22h7sC/eeLmd5wsFbZuZemHY2tWiVqd5JSH9hxnAK3irrdtJ:uusFJh3Sd5tru1HVUAAK34rdt

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Standard Chartered PAYMENT _ADVICE_MT_106.bat

Resource

win7-20240221-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Standard Chartered PAYMENT _ADVICE_MT_106.bat

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7012280903:AAEdEQUbH883t1SaXtDTSCypvj_4BIsCCxY/

Targets

- Target
  
  Standard Chartered PAYMENT _ADVICE_MT_106.bat
- Size
  
  192KB
- MD5
  
  0ee6662615731ffcd198cb8f41c4a212
- SHA1
  
  9e6020aa1086720f6eebb7ccb9538e3f70bb7234
- SHA256
  
  a579d37d72cdb59ee457ee47961807df604f9cbdf890a5453f5294078adf5ec5
- SHA512
  
  b6ddabc819683cdc170a5799f419af8c18c79bc05377027a54e607e50a1ca1c7b1b94d06dd1db8fc56751700f60567692888ee191b18f5dabec3388cf20cba0a
- SSDEEP
  
  3072:N/4wIRm6CsFo1CH22h7sC/eeLmd5wsFbZuZemHY2tWiVqd5JSH9hxnAK3irrdtJ0:iusFJh3Sd5tru1HVUAAK34rdtW
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Drops startup file
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy