agenttesla | 3324a5f1e1a6e7b515ffc6eacd6fe52fbdb1fc0fb489a7136d9e28af154e32a2 | Triage

Submit
Reports

Overview

overview

Static

static

3

payment copy.exe

windows7-x64

payment copy.exe

windows10-2004-x64

Sharing

General

Target

3204c3b1d07e3d5069f5915bb78ec279_JaffaCakes118
Size

388KB
Sample

240330-dmvcrsge46
MD5

3204c3b1d07e3d5069f5915bb78ec279
SHA1

de5f20a2bdeafffed850c277f410273e1ab3e118
SHA256

3324a5f1e1a6e7b515ffc6eacd6fe52fbdb1fc0fb489a7136d9e28af154e32a2
SHA512

4febc0d4b71fdf088d1ccee8cc906be0ba19a02b246807473fb3a76d82c87a1fb861f027669b37ea36fcdbed6f166f6a7f771519acf3de78476a5ba609ceaf85
SSDEEP

12288:/xn/K72+qjhVgConJjyWAKG0YMLnCxFACIp:/hiCKIKG0Y2yyp

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

payment copy.exe

Resource

win7-20240221-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

payment copy.exe

Resource

win10v2004-20240226-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
sg2plcpnl0023.prod.sin2.secureserver.net
Port:
587
Username:
[email protected]
Password:
User@40378

Targets

- Target
  
  payment copy.exe
- Size
  
  433KB
- MD5
  
  52e5279607c6ee625b8d01bdef0771ba
- SHA1
  
  f136b9d2629bc255fcc36537f7ff1032ed05f3ab
- SHA256
  
  ae847091d872af53d8c8f3e9d590a6ddfd24d979bd336c8a8fd4cccd5de20db0
- SHA512
  
  00771c173de6a7d9ce07e9163928e8c9adad2cfd9f170f0f62529e4d98409a34d057b223bf2712081e4da95e90a02491d4a836f44d4d43efbab15d46e3606d85
- SSDEEP
  
  6144:F1p9bt3NMvsCTOlyW776WON2RWQLpjomRUf1ZZCyIPm1chl26N:F1VSvSILNwpjZiNZDIPmE
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy