agenttesla | 514266ecbe03893240e9d85f2d3ffdecc2ab09f1ac35cc312ee4112e02d24fe3 | Triage

Submit
Reports

Overview

overview

Static

static

1

Ziraat Ban...�.xlam

windows7-x64

Ziraat Ban...�.xlam

windows10-2004-x64

1

Sharing

General

Target

Ziraat Bankası Swift Mesajı.xlam.xlsx
Size

14KB
Sample

240522-xa7xwacc7t
MD5

b21f485299919357e9a90b9ab275d23a
SHA1

f70d73fd6646a872428f9082549aebfad445d371
SHA256

514266ecbe03893240e9d85f2d3ffdecc2ab09f1ac35cc312ee4112e02d24fe3
SHA512

fb0e94219af45c5c8fe599b74dd139564b885a842c999bd2422d658a12d74446fface38235902493c9b7bff576226e55dd21d1b149645d868479739842b57034
SSDEEP

384:P4+dXIZwO4vs7zR9IoFTbBgaWab88citqhkA6:g+lIYgIoFTbdWao8/qhkA6

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Ziraat Bankası Swift Mesajı.xlam

Resource

win7-20240508-en

agenttesla keylogger spyware stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

Ziraat Bankası Swift Mesajı.xlam

Resource

win10v2004-20240426-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.worlorderbillions.top
Port:
587
Username:
[email protected]
Password:
3^?r?mtxk(kt
Email To:
[email protected]

Targets

- Target
  
  Ziraat Bankası Swift Mesajı.xlam.xlsx
- Size
  
  14KB
- MD5
  
  b21f485299919357e9a90b9ab275d23a
- SHA1
  
  f70d73fd6646a872428f9082549aebfad445d371
- SHA256
  
  514266ecbe03893240e9d85f2d3ffdecc2ab09f1ac35cc312ee4112e02d24fe3
- SHA512
  
  fb0e94219af45c5c8fe599b74dd139564b885a842c999bd2422d658a12d74446fface38235902493c9b7bff576226e55dd21d1b149645d868479739842b57034
- SSDEEP
  
  384:P4+dXIZwO4vs7zR9IoFTbBgaWab88citqhkA6:g+lIYgIoFTbdWao8/qhkA6
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy