agenttesla | a14d645e118d838d68bcde88cd3dc88bd7fa6ff95a04e3ff3e1f8916e1984b65 | Triage

Submit
Reports

Overview

overview

Static

static

5

Νέα π�...90.exe

windows7-x64

Νέα π�...90.exe

windows10-2004-x64

3

Sharing

General

Target

963bf14d3bc753a48a0e8ca3f6be6c1f47e84e69.rar.tar.gz
Size

528KB
Sample

240429-jll8nadf93
MD5

6280109b7cd12fcc6695cb429d49d2f5
SHA1

b8c33e0c06e49255c66be1bdc456fae2e00d68b0
SHA256

a14d645e118d838d68bcde88cd3dc88bd7fa6ff95a04e3ff3e1f8916e1984b65
SHA512

298e96260cf15746d0daf866a78e533f95bcbcaee97266c5c9ca9bd20d3aab35032c951b25a23bb552cac18660070e1f89c7450d48116e92d9c0b87d260346d9
SSDEEP

12288:pGj8dTp2LzLdoKVMpw/ZwENfsPPUAinEoEIzNpnFaIwrJLi:pTp2SKew/ZxsXUDnppNpFsi

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Νέα παραγγελία 4503533950_7685434467890.exe

Resource

win7-20240221-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Νέα παραγγελία 4503533950_7685434467890.exe

Resource

win10v2004-20240419-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.corpsa.net
Port:
21
Username:
[email protected]
Password:
-E~O8rekW5UT

Targets

- Target
  
  Νέα παραγγελία 4503533950_7685434467890.exe
- Size
  
  1018KB
- MD5
  
  dbd4f010589c6f113ad887ac66e4a145
- SHA1
  
  3b527e5c758fbfd5f033b965b521f8b8c688b33f
- SHA256
  
  c8e9d5272f7c20ac0d0de39130700a849e215f495e1b56f77d6ed26e5ff29593
- SHA512
  
  8a7b3bf80675450030bc8c8d2b5f3a1460736dc7dabbed0f80f2f158128a2f67fd13c99a523df75fc156559439918809c9dda129744b1ae39d98aa3bef618bea
- SSDEEP
  
  24576:UAHnh+eWsN3skA4RV1Hom2KXMmHaruGKBGcyG5:jh+ZkldoPK8YarNKYy
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy