agenttesla | a63fcda918d43ba074a512bc5c9198cdbb033ecc901dd3e3083d66a1814bf058 | Triage

Submit
Reports

Overview

overview

Static

static

5

Inv240521#...DF.exe

windows7-x64

Inv240521#...DF.exe

windows10-2004-x64

Sharing

General

Target

a63fcda918d43ba074a512bc5c9198cdbb033ecc901dd3e3083d66a1814bf058
Size

585KB
Sample

240523-cve3daad7v
MD5

ae64578ef5f0dec88d580b719d432c84
SHA1

620cb6e89617e12594dc303cb03fb6bbaca48a4c
SHA256

a63fcda918d43ba074a512bc5c9198cdbb033ecc901dd3e3083d66a1814bf058
SHA512

d4dd14aad8627601d97d5a43cb5bcf8134acd04d1b6721065709542a5efe089e23d2ffa2544e999c087a644c2968971b88e178f2b9aee8cd512fa6ccebe79cbb
SSDEEP

12288:K3rWQ9Evc5D46vAcml7IhKEUPOp0+vlXL+HhGwRxMGAcquTxWjrGpQSE:KbWQ9qGDprE2DlCRLActcjrHSE

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Inv240521# PTYR (BC24-05) BL COPY_PDF.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Inv240521# PTYR (BC24-05) BL COPY_PDF.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.window10server.com
Port:
587
Username:
[email protected]
Password:
Inqf2NK2STHzDz6
Email To:
[email protected]

Targets

- Target
  
  Inv240521# PTYR (BC24-05) BL COPY_PDF.exe
- Size
  
  1009KB
- MD5
  
  9b450594b985d865f7fd3043a14b7b8e
- SHA1
  
  69888184c00ddcae7b6a13e97bd91f8bf879922b
- SHA256
  
  4de7625d54b60786d2e5fb6aa9d8401a6341534907dbbf5349150d0a1d5027a5
- SHA512
  
  5d344da7a60c3de08b09f0ae7192b8711ed0f89f68d254e9eb0597c8ee4e41f1431278067a85f7ad82b67c8bdbaab20c93598e8884e0ae90f94569aba199589d
- SSDEEP
  
  24576:EAHnh+eWsN3skA4RV1Hom2KXMmHaZxjx1iT5:Th+ZkldoPK8YaZY
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy