agenttesla | 7fdcf8b6fa88225eb0938e3eb84ee20fbc757f24de8a62e75274ead764902351 | Triage

Submit
Reports

Overview

overview

Static

static

3

2b77d25e16...18.exe

windows7-x64

2b77d25e16...18.exe

windows10-2004-x64

Sharing

General

Target

2b77d25e16d7b950e8a4b0d9c92e046e_JaffaCakes118
Size

743KB
Sample

240329-yrjr2shc44
MD5

2b77d25e16d7b950e8a4b0d9c92e046e
SHA1

9c3bba964e5ec8cf1a8712f4d34937eb30f79e6b
SHA256

7fdcf8b6fa88225eb0938e3eb84ee20fbc757f24de8a62e75274ead764902351
SHA512

f71ee1a50586f808a1c768be2ade9e1806469dda2fc449b172e8f264bb438c41ca35930dd047af317b3458d3d924567272b0a4354aaaf776df444454c8b8482c
SSDEEP

12288:3gTEcqbVxLiVMyaEj9Swelx4P2P+qrGqjXVFZG2vV:wTErJxLiZCwelxe++

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2b77d25e16d7b950e8a4b0d9c92e046e_JaffaCakes118.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

2b77d25e16d7b950e8a4b0d9c92e046e_JaffaCakes118.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.spinneker.co.uk
Port:
587
Username:
[email protected]
Password:
IPzvDNU7

Targets

- Target
  
  2b77d25e16d7b950e8a4b0d9c92e046e_JaffaCakes118
- Size
  
  743KB
- MD5
  
  2b77d25e16d7b950e8a4b0d9c92e046e
- SHA1
  
  9c3bba964e5ec8cf1a8712f4d34937eb30f79e6b
- SHA256
  
  7fdcf8b6fa88225eb0938e3eb84ee20fbc757f24de8a62e75274ead764902351
- SHA512
  
  f71ee1a50586f808a1c768be2ade9e1806469dda2fc449b172e8f264bb438c41ca35930dd047af317b3458d3d924567272b0a4354aaaf776df444454c8b8482c
- SSDEEP
  
  12288:3gTEcqbVxLiVMyaEj9Swelx4P2P+qrGqjXVFZG2vV:wTErJxLiZCwelxe++
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy