agenttesla | 3383e5ed89a4703ac88c7b8bfd322fb56d035e0dc4c9bb48be02b564e28d1818 | Triage

Submit
Reports

Overview

overview

Static

static

3

17d8d53fd6...18.exe

windows7-x64

17d8d53fd6...18.exe

windows10-2004-x64

7

$PLUGINSDI...bx.dll

windows7-x64

3

$PLUGINSDI...bx.dll

windows10-2004-x64

3

Sharing

General

Target

17d8d53fd6350073f157116447743278_JaffaCakes118
Size

374KB
Sample

240329-ek1mfahc6x
MD5

17d8d53fd6350073f157116447743278
SHA1

e17ad61a624dc3f5a788c5fb652ac4ab6a4dddbd
SHA256

3383e5ed89a4703ac88c7b8bfd322fb56d035e0dc4c9bb48be02b564e28d1818
SHA512

36a0ef70842bc17817fadc340954fc5a190c303fe289d618dd165a92c46662a78b522f28d06811c8e22edefef4f8da2e137ba1e2af80bb16e2a9f86e996ddde2
SSDEEP

6144:GBlL/BwNwqx8NG8zbLZyNCzMMl5svNd8xgfqdYi8cJT9PDf8xb7EPl71:EXwHx804bLZXK11qP8mTleb7ot1

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

17d8d53fd6350073f157116447743278_JaffaCakes118.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

17d8d53fd6350073f157116447743278_JaffaCakes118.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/spdfabbx.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/spdfabbx.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  17d8d53fd6350073f157116447743278_JaffaCakes118
- Size
  
  374KB
- MD5
  
  17d8d53fd6350073f157116447743278
- SHA1
  
  e17ad61a624dc3f5a788c5fb652ac4ab6a4dddbd
- SHA256
  
  3383e5ed89a4703ac88c7b8bfd322fb56d035e0dc4c9bb48be02b564e28d1818
- SHA512
  
  36a0ef70842bc17817fadc340954fc5a190c303fe289d618dd165a92c46662a78b522f28d06811c8e22edefef4f8da2e137ba1e2af80bb16e2a9f86e996ddde2
- SSDEEP
  
  6144:GBlL/BwNwqx8NG8zbLZyNCzMMl5svNd8xgfqdYi8cJT9PDf8xb7EPl71:EXwHx804bLZXK11qP8mTleb7ot1
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/spdfabbx.dll
- Size
  
  105KB
- MD5
  
  a0f13c3729d70aa371add5038a1336fb
- SHA1
  
  c87d35c652abf87932fd9f1ba77ecc62e0a2281d
- SHA256
  
  03b50dc7cd5d915c6a19efd60a767fb3582913f23c231223fb6b44f7bde594b2
- SHA512
  
  09d2b2fd0dec0bf68a86bfeb4df9236dccf176f9135953984f5a69cd86b10001d3a71db30e09c6c91b20e561933574af2dbaf4bd406587b46b0c19630137be1c
- SSDEEP
  
  1536:wMUmgGAXhfejHsu0Oj0mSCeo/JJmwi0EpzRYAFV24kKnHjhPCkzue3Wkl/9ncobI:rUmgGAVesYtzlE59BHxl/r9pJ6e
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

behavioral3

behavioral4

© 2018-2024

Terms | Privacy