agenttesla | f160831f875a33c95c113ad1258159739f41cbcf7f327f6a8014de3212b12425 | Triage

Submit
Reports

Overview

overview

Static

static

5

vessel_doc...df.exe

windows7-x64

vessel_doc...df.exe

windows10-2004-x64

Sharing

General

Target

f160831f875a33c95c113ad1258159739f41cbcf7f327f6a8014de3212b12425
Size

580KB
Sample

240523-cztrbsah52
MD5

dda8d21619a651014a7b940687eb917c
SHA1

e741b2847c3c3d82264bbca8f2ad205727bce43e
SHA256

f160831f875a33c95c113ad1258159739f41cbcf7f327f6a8014de3212b12425
SHA512

25a8930a25c9299d35ba9d1ad700dfd5cbe87ee16f8e53a6e120685d60929a9b8b7cedb196c13e889bdb0b49651788ccdf839dc7a1dae8fa61fdf9bd93341ba7
SSDEEP

12288:IhdGm25dL7dWqz6RniYEgWgZO68QZ4aS1R04fYev6Qo398r+vYqrjcOmOQFeC0:EdGmmlhWS6bEB8O68QZ4aSn0qYev6l3Z

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

vessel_documents_220524_pdf.exe

Resource

win7-20231129-en

agenttesla keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

vessel_documents_220524_pdf.exe

Resource

win10v2004-20240426-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.window10server.com
Port:
587
Username:
[email protected]
Password:
6oJwe0Mg7pNWEVD
Email To:
[email protected]

Targets

- Target
  
  vessel_documents_220524_pdf.exe
- Size
  
  1004KB
- MD5
  
  f9a051bb69d81d56a813cb7c1b9723ca
- SHA1
  
  48bc5e261d86fd13f381fdd8d99543f2e04f8d74
- SHA256
  
  9a85f60d0a9c5ed32f0a0e8717769f82bf796a7fec9efc5826adb170d5742682
- SHA512
  
  7cb35b72921599ceb1d239c356fe8ed08da1bf851d238df102ae373553754b7bcd41d2ba19e6a6504ef9a92ba0dc44f84eeb598016abdc2b48f4d3cbe2d3fa2b
- SSDEEP
  
  24576:bAHnh+eWsN3skA4RV1Hom2KXMmHa4eHljd25:2h+ZkldoPK8Ya4eFS
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy