agenttesla | a7ae2c69ff2d3d5ebb15f69f9151bb99ee3ed333fdd42eb75b7044161bf8818e | Triage

Submit
Reports

Overview

overview

Static

static

3

23973cb9ba...18.exe

windows7-x64

23973cb9ba...18.exe

windows10-2004-x64

Sharing

General

Target

23973cb9baa01a886c7551d666ba7006_JaffaCakes118
Size

866KB
Sample

240329-q3fwjahh3t
MD5

23973cb9baa01a886c7551d666ba7006
SHA1

097f07fd6db247bcac29ef8f5e8566e7f19d2227
SHA256

a7ae2c69ff2d3d5ebb15f69f9151bb99ee3ed333fdd42eb75b7044161bf8818e
SHA512

8ad5424fc34e15d27b688de10029e31faa4c70a109c4daebba45dba74d0723f294b39004b5ae0f782c475c6e5b7bd0c42aafac7112b6c46e90b866419e749a59
SSDEEP

24576:NgTiy5KGy4xaxvSVXr4L4852MMMMMMMMMMMuMMMMMMMMMMMMMMMMMMMMMMMMMMMX:Ng+gaIr46MMMMMMMMMMMuMMMMMMMMMMw

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

23973cb9baa01a886c7551d666ba7006_JaffaCakes118.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

23973cb9baa01a886c7551d666ba7006_JaffaCakes118.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.indiacarpet.in
Port:
587
Username:
[email protected]
Password:
india@12345

Targets

- Target
  
  23973cb9baa01a886c7551d666ba7006_JaffaCakes118
- Size
  
  866KB
- MD5
  
  23973cb9baa01a886c7551d666ba7006
- SHA1
  
  097f07fd6db247bcac29ef8f5e8566e7f19d2227
- SHA256
  
  a7ae2c69ff2d3d5ebb15f69f9151bb99ee3ed333fdd42eb75b7044161bf8818e
- SHA512
  
  8ad5424fc34e15d27b688de10029e31faa4c70a109c4daebba45dba74d0723f294b39004b5ae0f782c475c6e5b7bd0c42aafac7112b6c46e90b866419e749a59
- SSDEEP
  
  24576:NgTiy5KGy4xaxvSVXr4L4852MMMMMMMMMMMuMMMMMMMMMMMMMMMMMMMMMMMMMMMX:Ng+gaIr46MMMMMMMMMMMuMMMMMMMMMMw
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy