agenttesla | 3716f1103a0032113879b6ed4b8d705be19216257c345cda9e366e8d94559fa0 | Triage

Submit
Reports

Overview

overview

Static

static

3

2010e737f4...18.exe

windows7-x64

2010e737f4...18.exe

windows10-2004-x64

Sharing

General

Target

2010e737f4435fd3f46c0055ba44a73c_JaffaCakes118
Size

595KB
Sample

240329-mxbg3sfb3x
MD5

2010e737f4435fd3f46c0055ba44a73c
SHA1

d04fde1d87cc96dcc16158d756a8a4f330a6e7bf
SHA256

3716f1103a0032113879b6ed4b8d705be19216257c345cda9e366e8d94559fa0
SHA512

fb10989bee0ffe9508599bd9f2f697e486cce91f2a0e2c7de9f324788e58414467630a633a7fd3a2a2097c7c8fccb0e00224519fb0df15e462eb1fa49befe0b9
SSDEEP

12288:5ISAMSSBfjjgY0fy2EsteVNU/50CxFgjvXhH9PVA5saTYIIujjefgAAann:0yBfYpfd8Nq50CxKvn5aT7jyYa

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2010e737f4435fd3f46c0055ba44a73c_JaffaCakes118.exe

Resource

win7-20240221-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2010e737f4435fd3f46c0055ba44a73c_JaffaCakes118.exe

Resource

win10v2004-20240226-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.copangroup.xyz
Port:
587
Username:
[email protected]
Password:
gibson.1990

Targets

- Target
  
  2010e737f4435fd3f46c0055ba44a73c_JaffaCakes118
- Size
  
  595KB
- MD5
  
  2010e737f4435fd3f46c0055ba44a73c
- SHA1
  
  d04fde1d87cc96dcc16158d756a8a4f330a6e7bf
- SHA256
  
  3716f1103a0032113879b6ed4b8d705be19216257c345cda9e366e8d94559fa0
- SHA512
  
  fb10989bee0ffe9508599bd9f2f697e486cce91f2a0e2c7de9f324788e58414467630a633a7fd3a2a2097c7c8fccb0e00224519fb0df15e462eb1fa49befe0b9
- SSDEEP
  
  12288:5ISAMSSBfjjgY0fy2EsteVNU/50CxFgjvXhH9PVA5saTYIIujjefgAAann:0yBfYpfd8Nq50CxKvn5aT7jyYa
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy