agenttesla | 057d53666aa40a761b4b096b884862cc108552bcb3a46bc92af7033e720612df | Triage

Submit
Reports

Overview

overview

Static

static

3

19ed94f544...18.exe

windows7-x64

19ed94f544...18.exe

windows10-2004-x64

Sharing

General

Target

19ed94f5448950a9d5bcd63228a635b3_JaffaCakes118
Size

395KB
Sample

240329-gdbqvabf62
MD5

19ed94f5448950a9d5bcd63228a635b3
SHA1

e7a88d2e71f82ac41195e766a47d1b9fd497ffd1
SHA256

057d53666aa40a761b4b096b884862cc108552bcb3a46bc92af7033e720612df
SHA512

036b3736308545aea0d341c1c2ccd7156ac5ba37f9f8fe442104d814c145022f715b6b0fa126a76e1f6bc80119486091b7b85b1ccdc7284544a90057451e3333
SSDEEP

12288:tesvMU9Rthob6zMoqin2cQ5T6MQkMi0oJR4QuNzC:tXMUAazyTVQJi00vV

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

19ed94f5448950a9d5bcd63228a635b3_JaffaCakes118.exe

Resource

win7-20240215-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

19ed94f5448950a9d5bcd63228a635b3_JaffaCakes118.exe

Resource

win10v2004-20231215-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
sg2plcpnl0023.prod.sin2.secureserver.net
Port:
587
Username:
[email protected]
Password:
User@40378

Targets

- Target
  
  19ed94f5448950a9d5bcd63228a635b3_JaffaCakes118
- Size
  
  395KB
- MD5
  
  19ed94f5448950a9d5bcd63228a635b3
- SHA1
  
  e7a88d2e71f82ac41195e766a47d1b9fd497ffd1
- SHA256
  
  057d53666aa40a761b4b096b884862cc108552bcb3a46bc92af7033e720612df
- SHA512
  
  036b3736308545aea0d341c1c2ccd7156ac5ba37f9f8fe442104d814c145022f715b6b0fa126a76e1f6bc80119486091b7b85b1ccdc7284544a90057451e3333
- SSDEEP
  
  12288:tesvMU9Rthob6zMoqin2cQ5T6MQkMi0oJR4QuNzC:tXMUAazyTVQJi00vV
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy