agenttesla | 012bf942b1c423b80de54d74c7ed8cc051222861d0946d86b7a0504c30cbf176 | Triage

Submit
Reports

Overview

overview

Static

static

5

PO-TR72627...24.exe

windows7-x64

PO-TR72627...24.exe

windows10-2004-x64

Sharing

General

Target

PO-TR726276201-00538845 GHM-REFU-2024.jar
Size

581KB
Sample

240509-g4x2rsha65
MD5

df61c33cea2d2f8afa0a0655501b2302
SHA1

675b4b9cc5b16c8e3cdd7a87aa598bfdade8bbaa
SHA256

012bf942b1c423b80de54d74c7ed8cc051222861d0946d86b7a0504c30cbf176
SHA512

b4f4ccf24636efc04ff76b04f378a6700654525216cd1fa8943c0254edcb19ec7e4f103c0ec1a0236c029f416dea419b962b72a9e39358090ba273389dd0dd4a
SSDEEP

12288:Jb6FmmPqxIB82tZ2BiBuoqUXKis6gOkNncDNqEcFozrZki5R:EMmPGM89EuoJXKZ6gJncsEcduR

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PO-TR726276201-00538845 GHM-REFU-2024.exe

Resource

win7-20240508-en

agenttesla keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO-TR726276201-00538845 GHM-REFU-2024.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
bezelety.top
Port:
587
Username:
[email protected]
Password:
IxF(..bSed6k
Email To:
[email protected]

Targets

- Target
  
  PO-TR726276201-00538845 GHM-REFU-2024.exe
- Size
  
  1.0MB
- MD5
  
  1fbd0c844cca47d61a402d8f4f40f2b0
- SHA1
  
  30b9d8703008082c27d0c30a5b200784ee6b85cf
- SHA256
  
  539e0ed91a8107171e4a4801e203321f32f457e341979e16c89a3bbaa0632db4
- SHA512
  
  cb534b1d6715986b102c3c3013c992d29dda76abed01c01f5b0c7fcc887074cde83a2d2f117f455f9d88d063e94578230ff0a6238f306f8aaded20e399a6ca82
- SSDEEP
  
  24576:y4lavt0LkLL9IMixoEgeaJVnGsEKb9zq9MmCS:lkwkn9IMHeaJxE8taPCS
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy