agenttesla | 53ab6484b54697d84f137ab23d0024d82a4295a624a57240ca6c0b5e5af7419f | Triage

Submit
Reports

Overview

overview

Static

static

3

53ab6484b5...9f.exe

windows7-x64

53ab6484b5...9f.exe

windows10-2004-x64

Sharing

General

Target

53ab6484b54697d84f137ab23d0024d82a4295a624a57240ca6c0b5e5af7419f
Size

710KB
Sample

240426-cmtksshb9y
MD5

cf0776855417e003ef785432ecfbad01
SHA1

18f76ab26f69adf2ac6d3f66f79a094a5cf27f98
SHA256

53ab6484b54697d84f137ab23d0024d82a4295a624a57240ca6c0b5e5af7419f
SHA512

a5fb0cf51c9a5fed37521c4d9dfab88149440ad992efe32518615586f948d037df1da5b5c3b1ba1e1500eb8c822f707f248a3772a850ee5fa1187b2e04f180e1
SSDEEP

12288:QWYIPXjxannnHg2XiT4fBw6yCwYgpsMybhQxFuZ0Dk+zNCraCRWy1awzM9Rp9Gq:QWYIPFannnHg284fBwewYdQxAZ0Dk+zR

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

53ab6484b54697d84f137ab23d0024d82a4295a624a57240ca6c0b5e5af7419f.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

53ab6484b54697d84f137ab23d0024d82a4295a624a57240ca6c0b5e5af7419f.exe

Resource

win10v2004-20240412-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.al-subai.com
Port:
587
Username:
info@al-subai.com
Password:
information12
Email To:
greensavag@yandex.com

Targets

- Target
  
  53ab6484b54697d84f137ab23d0024d82a4295a624a57240ca6c0b5e5af7419f
- Size
  
  710KB
- MD5
  
  cf0776855417e003ef785432ecfbad01
- SHA1
  
  18f76ab26f69adf2ac6d3f66f79a094a5cf27f98
- SHA256
  
  53ab6484b54697d84f137ab23d0024d82a4295a624a57240ca6c0b5e5af7419f
- SHA512
  
  a5fb0cf51c9a5fed37521c4d9dfab88149440ad992efe32518615586f948d037df1da5b5c3b1ba1e1500eb8c822f707f248a3772a850ee5fa1187b2e04f180e1
- SSDEEP
  
  12288:QWYIPXjxannnHg2XiT4fBw6yCwYgpsMybhQxFuZ0Dk+zNCraCRWy1awzM9Rp9Gq:QWYIPFannnHg284fBwewYdQxAZ0Dk+zR
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy