agenttesla | 6fdfaa6aa0118f1bc15869c8e51c24fd5e55340fbc8d1cc9183939070ab22652 | Triage

Submit
Reports

Overview

overview

Static

static

1

22052024_0...s.xlsx

windows7-x64

22052024_0...s.xlsx

windows10-2004-x64

1

Sharing

General

Target

22052024_0158_21052024_documentos.xlsx
Size

10KB
Sample

240522-cdx7magg36
MD5

baa10c6f2c1aed5b7d0b663b6155a4c3
SHA1

85ba1a4f78f9811012cddd3421229d795724d594
SHA256

6fdfaa6aa0118f1bc15869c8e51c24fd5e55340fbc8d1cc9183939070ab22652
SHA512

08c35a246865924ef0b792f0a29995d228c4cfb065c8d1a6866f2f939d42a96b6d7b8129222b5b8274065592b4176137c2f9b2f01c5f91e532da4b0b4aad745c
SSDEEP

192:9TZS4VyvSDkM8GAtgB7ol+Au/el0nWZ1X8H3nA/o3NRfUN:9TZHe6kM8Btg5a+ArZ1T/+KN

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

22052024_0158_21052024_documentos.xlsx

Resource

win7-20240220-en

agenttesla keylogger spyware stealer trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

22052024_0158_21052024_documentos.xlsx

Resource

win10v2004-20240508-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.midhcodistribuciones.com
Port:
21
Username:
[email protected]
Password:
,A7}+JV4KExQ

Targets

- Target
  
  22052024_0158_21052024_documentos.xlsx
- Size
  
  10KB
- MD5
  
  baa10c6f2c1aed5b7d0b663b6155a4c3
- SHA1
  
  85ba1a4f78f9811012cddd3421229d795724d594
- SHA256
  
  6fdfaa6aa0118f1bc15869c8e51c24fd5e55340fbc8d1cc9183939070ab22652
- SHA512
  
  08c35a246865924ef0b792f0a29995d228c4cfb065c8d1a6866f2f939d42a96b6d7b8129222b5b8274065592b4176137c2f9b2f01c5f91e532da4b0b4aad745c
- SSDEEP
  
  192:9TZS4VyvSDkM8GAtgB7ol+Au/el0nWZ1X8H3nA/o3NRfUN:9TZHe6kM8Btg5a+ArZ1T/+KN
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy