agenttesla | 9454d10a57b4026bb1b1c6d054349605e3c728c5ae24549b464dd5af84246e9f | Triage

Submit
Reports

Overview

overview

Static

static

5

Purchase C...04.exe

windows7-x64

Purchase C...04.exe

windows10-2004-x64

3

Sharing

General

Target

9454d10a57b4026bb1b1c6d054349605e3c728c5ae24549b464dd5af84246e9f.zip
Size

622KB
Sample

240427-bxa1rsgb94
MD5

ea164330ba06fd9e4f5f71d5b5469d58
SHA1

e2be1b8b965ae4d433648540e20ad9daf8a97db6
SHA256

9454d10a57b4026bb1b1c6d054349605e3c728c5ae24549b464dd5af84246e9f
SHA512

2a92d858ddfcc6fcac335976b075e0fa94459ff934a845d03549748fa377b340fcd6b921aa269f65517777f903b60700724e50cd017c70bd095008b8a3d9f7ba
SSDEEP

12288:xyX/175ppnfwH7dWqz9vqUuv1W4N+u3qFeIV5whSDeOq4jnWrKoHHYCzOZDJi:SNwHhWSpqUOvX3hIYhAeOq8q4CzOZli

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Purchase Confirmation 003-23 170204/Purchase Confirmation 003-23 170204.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Purchase Confirmation 003-23 170204/Purchase Confirmation 003-23 170204.exe

Resource

win10v2004-20240419-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.bezelety.top
Port:
587
Username:
office11@bezelety.top
Password:
KV?y1$dqdUzV
Email To:
office11@bezelety.top

Targets

- Target
  
  Purchase Confirmation 003-23 170204/Purchase Confirmation 003-23 170204.exe
- Size
  
  1.1MB
- MD5
  
  baf61e5dbe33cf47ad6ddc4076a07af9
- SHA1
  
  1fc141512c6a2a4715fd533d0adc1d8ce3c7842f
- SHA256
  
  ea9deb59fc6309ddda6806eb4f7ce780eb54f1b0b7eca72b366bc8f110c5222a
- SHA512
  
  2463f0c87870b5ddac391dcb88209cef983db246447fe1844c303d0d33c0eb1d3f70f9a7895b4fea00690862b268a36cfd69f19c18478d96c57afdf0fe11e59f
- SSDEEP
  
  24576:+AHnh+eWsN3skA4RV1Hom2KXMmHa39eGsaq4QzOZIRE5:ph+ZkldoPK8Ya3QGa4Q+IY
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing Windows vault credential objects. Observed in infostealers
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy