agenttesla | 75ef5347b89c022e71d95b571ba2b22d0c5735f9897eae8d41e20e0645d536ce | Triage

Submit
Reports

Overview

overview

Static

static

5

Νέα π�...90.exe

windows10-1703-x64

Νέα π�...90.exe

windows10-2004-x64

Sharing

General

Target

Νέα παραγγελία 4503533950_7685434467890.gz
Size

528KB
Sample

240429-q8hx3scb78
MD5

cb1b20632045714867e7150823533872
SHA1

963bf14d3bc753a48a0e8ca3f6be6c1f47e84e69
SHA256

75ef5347b89c022e71d95b571ba2b22d0c5735f9897eae8d41e20e0645d536ce
SHA512

2d677548085bfa7d74c22d95aa8c16f879f95d42c289db340a923fa9c4703c968dee5647e33cc5267fe6674ad1c1e7cc84c70e3c2f1ecf54be9b66164200b99d
SSDEEP

12288:oAWBbmKZGoCPG1szBHh0Mqy7jSg6LUK3pIVv9vszIMkPH:oA0mboC59yjyXSVYK69kzaH

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Νέα παραγγελία 4503533950_7685434467890.exe

Resource

win10-20240404-en

agenttesla collection keylogger spyware stealer trojan

windows10-1703-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Νέα παραγγελία 4503533950_7685434467890.exe

Resource

win10v2004-20240419-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.corpsa.net
Port:
21
Username:
[email protected]
Password:
-E~O8rekW5UT

Targets

- Target
  
  Νέα παραγγελία 4503533950_7685434467890.exe
- Size
  
  1018KB
- MD5
  
  dbd4f010589c6f113ad887ac66e4a145
- SHA1
  
  3b527e5c758fbfd5f033b965b521f8b8c688b33f
- SHA256
  
  c8e9d5272f7c20ac0d0de39130700a849e215f495e1b56f77d6ed26e5ff29593
- SHA512
  
  8a7b3bf80675450030bc8c8d2b5f3a1460736dc7dabbed0f80f2f158128a2f67fd13c99a523df75fc156559439918809c9dda129744b1ae39d98aa3bef618bea
- SSDEEP
  
  24576:UAHnh+eWsN3skA4RV1Hom2KXMmHaruGKBGcyG5:jh+ZkldoPK8YarNKYy
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy