agenttesla | 313ecfc83dfd696344b0492c40c106b7ee33d06f3dfdac17200864e8214cb5bb | Triage

Submit
Reports

Overview

overview

Static

static

3

165aa90598...18.exe

windows7-x64

165aa90598...18.exe

windows10-2004-x64

1

Sharing

General

Target

165aa905981301839ab3707a6aff8103_JaffaCakes118
Size

459KB
Sample

240329-c4p9psff2t
MD5

165aa905981301839ab3707a6aff8103
SHA1

2e998404e149b9f7a652ecd0ddb9ace7a787f7b8
SHA256

313ecfc83dfd696344b0492c40c106b7ee33d06f3dfdac17200864e8214cb5bb
SHA512

49728df28a5d0d87414835e8d197ba36254834a61f21d53af9377cbf36db9c1574541b29d772bfbd0c435753ff30ee29e195fe34fc9445422d5e91a85d77f9f4
SSDEEP

6144:ZE500zV6Lfl+RQmsaGSHHdivSHwm5CZq2AnK+LDqf7Q/ZRk0LLzQ8AJYk:C5jkrwPlGM9ivSHv52+qDQDzRk

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

165aa905981301839ab3707a6aff8103_JaffaCakes118.exe

Resource

win7-20240319-en

agenttesla keylogger spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

165aa905981301839ab3707a6aff8103_JaffaCakes118.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.w2opt.com
Port:
587
Username:
[email protected]
Password:
wTwo@2018
Email To:
[email protected]

Targets

- Target
  
  165aa905981301839ab3707a6aff8103_JaffaCakes118
- Size
  
  459KB
- MD5
  
  165aa905981301839ab3707a6aff8103
- SHA1
  
  2e998404e149b9f7a652ecd0ddb9ace7a787f7b8
- SHA256
  
  313ecfc83dfd696344b0492c40c106b7ee33d06f3dfdac17200864e8214cb5bb
- SHA512
  
  49728df28a5d0d87414835e8d197ba36254834a61f21d53af9377cbf36db9c1574541b29d772bfbd0c435753ff30ee29e195fe34fc9445422d5e91a85d77f9f4
- SSDEEP
  
  6144:ZE500zV6Lfl+RQmsaGSHHdivSHwm5CZq2AnK+LDqf7Q/ZRk0LLzQ8AJYk:C5jkrwPlGM9ivSHv52+qDQDzRk
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy