agenttesla | 8c00c076e72e443dfcf12ef47980c196b3333fcc710796ff55312cebf9a36b10 | Triage

Submit
Reports

Overview

overview

Static

static

7

8c00c076e7...10.exe

windows7-x64

8c00c076e7...10.exe

windows10-2004-x64

Sharing

General

Target

8c00c076e72e443dfcf12ef47980c196b3333fcc710796ff55312cebf9a36b10
Size

573KB
Sample

240425-b9evgsdd2t
MD5

4a3d4751d1940b8cfa1f7b27fea33743
SHA1

53377dc4e1f2b7d2c8c656b3267af518d12c954a
SHA256

8c00c076e72e443dfcf12ef47980c196b3333fcc710796ff55312cebf9a36b10
SHA512

bd587d6006e32b7e0605313e711024092a7053fa6a5a741eb8354b6e4f5eccbbad861bb6fecf25e6b9c0cc8985305330b2e1863483c4b932af84c14e978164f7
SSDEEP

12288:bsHzOUNUSB/o5LsI1uwajJ5yvv1l2vnJW/PZCQeBio5NSla:KiUmSB/o5d1ubcvk4/jJiNQa

Score

10^/10

agenttesla keylogger spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

8c00c076e72e443dfcf12ef47980c196b3333fcc710796ff55312cebf9a36b10.exe

Resource

win7-20240220-en

agenttesla keylogger spyware stealer trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

8c00c076e72e443dfcf12ef47980c196b3333fcc710796ff55312cebf9a36b10.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.aquareklam.com
Port:
587
Username:
[email protected]
Password:
Aqua1923

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.aquareklam.com
Port:
587
Username:
[email protected]
Password:
Aqua1923
Email To:
[email protected]

Targets

- Target
  
  8c00c076e72e443dfcf12ef47980c196b3333fcc710796ff55312cebf9a36b10
- Size
  
  573KB
- MD5
  
  4a3d4751d1940b8cfa1f7b27fea33743
- SHA1
  
  53377dc4e1f2b7d2c8c656b3267af518d12c954a
- SHA256
  
  8c00c076e72e443dfcf12ef47980c196b3333fcc710796ff55312cebf9a36b10
- SHA512
  
  bd587d6006e32b7e0605313e711024092a7053fa6a5a741eb8354b6e4f5eccbbad861bb6fecf25e6b9c0cc8985305330b2e1863483c4b932af84c14e978164f7
- SSDEEP
  
  12288:bsHzOUNUSB/o5LsI1uwajJ5yvv1l2vnJW/PZCQeBio5NSla:KiUmSB/o5d1ubcvk4/jJiNQa
Score

10^/10

agenttesla keylogger spyware stealer trojan upx
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojanupx

behavioral2

agentteslakeyloggerspywarestealertrojanupx

© 2018-2024

Terms | Privacy