agenttesla | c044bd671515d2cc8686421b190f4f0a790609ed953a123672a3d9e911155297 | Triage

Submit
Reports

Overview

overview

Static

static

5

ZD-6366370...__.exe

windows7-x64

ZD-6366370...__.exe

windows10-2004-x64

Sharing

General

Target

c044bd671515d2cc8686421b190f4f0a790609ed953a123672a3d9e911155297
Size

579KB
Sample

240430-bky7tsfh54
MD5

256d5396e80c981e0d3024cde6808cbd
SHA1

b529c1810cf0aa221726cbf28411ff8da097a043
SHA256

c044bd671515d2cc8686421b190f4f0a790609ed953a123672a3d9e911155297
SHA512

29a8345103d13096cd293cad702c356311d4c650d009dcd5cbe144f8760b4d2d5ab64dc73c059a7bb3e8ef408dce451569d5f18b2a65f006c587749b35465d30
SSDEEP

12288:MHMZvF29zA2rFvqE1txuK37XKtQz/XEW1LzPKbd82MqHLybs:MIoAWRqytnjKqLXzOrr

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ZD-6366370128-8900237723992______________________________.exe

Resource

win7-20231129-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

ZD-6366370128-8900237723992______________________________.exe

Resource

win10v2004-20240419-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.worlorderbillions.top
Port:
587
Username:
[email protected]
Password:
rwe87$%21q
Email To:
[email protected]

Targets

- Target
  
  ZD-6366370128-8900237723992______________________________.exe
- Size
  
  1.0MB
- MD5
  
  42d70514681b2fde2102b5848dc3cddf
- SHA1
  
  1354649da70973dff6fc90607aa4922034ad9800
- SHA256
  
  9ff7aefc37e4add2457417f35ba73e8c53a4f9ab7ced0656fec94ac8f5e35630
- SHA512
  
  ddcc7bd562610b5c31cf117599dd6fb96bbb4c84c53ed4d220d0029d6e376ea262e682e91b1629ef3bcdf1876c250f71bc84f100e611492bdb1526103c14b252
- SSDEEP
  
  24576:hAHnh+eWsN3skA4RV1Hom2KXMmHazFuynO45:4h+ZkldoPK8YazjnF
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy