agenttesla | 087f3c379a1f08fc51ba599872013c25ee442d1bfeb87ce93503239ea2a388fd | Triage

Submit
Reports

Overview

overview

Static

static

3

087f3c379a...fd.exe

windows7-x64

087f3c379a...fd.exe

windows10-2004-x64

Sharing

General

Target

087f3c379a1f08fc51ba599872013c25ee442d1bfeb87ce93503239ea2a388fd.exe
Size

1.4MB
Sample

240522-r85brafa49
MD5

30664b17b297bc3db34968f239360c6f
SHA1

a4185b8ff9e045033d06701e200be57920753754
SHA256

087f3c379a1f08fc51ba599872013c25ee442d1bfeb87ce93503239ea2a388fd
SHA512

e178dd795f63ddf55ea4abbb9e9b44d493138a1be5b3b3c2928edfd59b8675e0192f223f986230854e1c8855d06041363f6f389d7d20390686e73be16acba0e1
SSDEEP

24576:lsO7OVJ0W//bLLK6tsPdEZ+gqBnf5B1M8We20/ccvLpxBVtra:zixL7Z+gK28/lng

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

087f3c379a1f08fc51ba599872013c25ee442d1bfeb87ce93503239ea2a388fd.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

087f3c379a1f08fc51ba599872013c25ee442d1bfeb87ce93503239ea2a388fd.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.trisquarespl.com
Port:
587
Username:
[email protected]
Password:
uhzJADD6
Email To:
[email protected]

Targets

- Target
  
  087f3c379a1f08fc51ba599872013c25ee442d1bfeb87ce93503239ea2a388fd.exe
- Size
  
  1.4MB
- MD5
  
  30664b17b297bc3db34968f239360c6f
- SHA1
  
  a4185b8ff9e045033d06701e200be57920753754
- SHA256
  
  087f3c379a1f08fc51ba599872013c25ee442d1bfeb87ce93503239ea2a388fd
- SHA512
  
  e178dd795f63ddf55ea4abbb9e9b44d493138a1be5b3b3c2928edfd59b8675e0192f223f986230854e1c8855d06041363f6f389d7d20390686e73be16acba0e1
- SSDEEP
  
  24576:lsO7OVJ0W//bLLK6tsPdEZ+gqBnf5B1M8We20/ccvLpxBVtra:zixL7Z+gK28/lng
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy