agenttesla | c79ea1eb600a853230a52e885317052da2f060c1af6db85bee4e93543933267c | Triage

Submit
Reports

Overview

overview

Static

static

1

c79ea1eb60...c.xlsx

windows7-x64

c79ea1eb60...c.xlsx

windows10-2004-x64

1

Sharing

General

Target

c79ea1eb600a853230a52e885317052da2f060c1af6db85bee4e93543933267c
Size

10KB
Sample

240522-bjgw6afe84
MD5

334ee6dea87c01c0d4b1804e3f7eed3b
SHA1

762d2482465dd7a09b97d564e647f5bfd79c17f0
SHA256

c79ea1eb600a853230a52e885317052da2f060c1af6db85bee4e93543933267c
SHA512

6b259f01dee9c933e9d61e6577df149eea3556baad26b47e984182eee52345b14925ad22e59e45617e0fab800e93d23828da7e75195a5614f850bd883ee7a6e8
SSDEEP

192:UeS/0kJGDkM8GAtgBRol+Au/ClUhjRyQsC0fW/jcV:UeI0kMkM8Btgva+seyhC0fOjcV

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

c79ea1eb600a853230a52e885317052da2f060c1af6db85bee4e93543933267c.xlsx

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

c79ea1eb600a853230a52e885317052da2f060c1af6db85bee4e93543933267c.xlsx

Resource

win10v2004-20240508-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.grupovamex.com
Port:
21
Username:
[email protected]
Password:
tTgUWMBntHIE

Targets

- Target
  
  c79ea1eb600a853230a52e885317052da2f060c1af6db85bee4e93543933267c
- Size
  
  10KB
- MD5
  
  334ee6dea87c01c0d4b1804e3f7eed3b
- SHA1
  
  762d2482465dd7a09b97d564e647f5bfd79c17f0
- SHA256
  
  c79ea1eb600a853230a52e885317052da2f060c1af6db85bee4e93543933267c
- SHA512
  
  6b259f01dee9c933e9d61e6577df149eea3556baad26b47e984182eee52345b14925ad22e59e45617e0fab800e93d23828da7e75195a5614f850bd883ee7a6e8
- SSDEEP
  
  192:UeS/0kJGDkM8GAtgBRol+Au/ClUhjRyQsC0fW/jcV:UeI0kMkM8Btgva+seyhC0fOjcV
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy