agenttesla | 4827c1bdf5000cc8fc280fa631d36c752d0cdd7b0b357671ef1ebc46a11c440f | Triage

Submit
Reports

Overview

overview

Static

static

3

f935b6c7f2...18.exe

windows7-x64

1

f935b6c7f2...18.exe

windows10-2004-x64

Sharing

General

Target

f935b6c7f24be477a23044fa9a9dc9a5_JaffaCakes118
Size

685KB
Sample

240419-by1b2sea3s
MD5

f935b6c7f24be477a23044fa9a9dc9a5
SHA1

e67fb9bcf9975e0c6c4122ec7b25e61de6d1ba24
SHA256

4827c1bdf5000cc8fc280fa631d36c752d0cdd7b0b357671ef1ebc46a11c440f
SHA512

4b9587402b0f2e99af2aeec67307db55c0323228b8e863506f52b7d8d612aa3fdef4104ded5f5adbff7c546a2e91f558c45080f45b80fbf51ee98baeefc9dd34
SSDEEP

12288:8Bszn2zd6HX+qs+WWhRmmXikb0iTvDcicTB4vs8w:2mnAd6OqszYRmsXb0iTrcVyvs8w

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f935b6c7f24be477a23044fa9a9dc9a5_JaffaCakes118.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

f935b6c7f24be477a23044fa9a9dc9a5_JaffaCakes118.exe

Resource

win10v2004-20240412-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.karsanmax.com
Port:
587
Username:
info@karsanmax.com
Password:
erk#bmc2007
Email To:
ginzza.kw@gmail.com

Targets

- Target
  
  f935b6c7f24be477a23044fa9a9dc9a5_JaffaCakes118
- Size
  
  685KB
- MD5
  
  f935b6c7f24be477a23044fa9a9dc9a5
- SHA1
  
  e67fb9bcf9975e0c6c4122ec7b25e61de6d1ba24
- SHA256
  
  4827c1bdf5000cc8fc280fa631d36c752d0cdd7b0b357671ef1ebc46a11c440f
- SHA512
  
  4b9587402b0f2e99af2aeec67307db55c0323228b8e863506f52b7d8d612aa3fdef4104ded5f5adbff7c546a2e91f558c45080f45b80fbf51ee98baeefc9dd34
- SSDEEP
  
  12288:8Bszn2zd6HX+qs+WWhRmmXikb0iTvDcicTB4vs8w:2mnAd6OqszYRmsXb0iTrcVyvs8w
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy