agenttesla | 514266ecbe03893240e9d85f2d3ffdecc2ab09f1ac35cc312ee4112e02d24fe3 | Triage

Submit
Reports

Overview

overview

Static

static

1

514266ecbe...3.xlam

windows7-x64

514266ecbe...3.xlam

windows10-2004-x64

1

Sharing

General

Target

514266ecbe03893240e9d85f2d3ffdecc2ab09f1ac35cc312ee4112e02d24fe3.xlsx
Size

14KB
Sample

240523-q1xfhadc98
MD5

b21f485299919357e9a90b9ab275d23a
SHA1

f70d73fd6646a872428f9082549aebfad445d371
SHA256

514266ecbe03893240e9d85f2d3ffdecc2ab09f1ac35cc312ee4112e02d24fe3
SHA512

fb0e94219af45c5c8fe599b74dd139564b885a842c999bd2422d658a12d74446fface38235902493c9b7bff576226e55dd21d1b149645d868479739842b57034
SSDEEP

384:P4+dXIZwO4vs7zR9IoFTbBgaWab88citqhkA6:g+lIYgIoFTbdWao8/qhkA6

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

514266ecbe03893240e9d85f2d3ffdecc2ab09f1ac35cc312ee4112e02d24fe3.xlam

Resource

win7-20240508-en

agenttesla keylogger spyware stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

514266ecbe03893240e9d85f2d3ffdecc2ab09f1ac35cc312ee4112e02d24fe3.xlam

Resource

win10v2004-20240508-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.worlorderbillions.top
Port:
587
Username:
[email protected]
Password:
3^?r?mtxk(kt
Email To:
[email protected]

Targets

- Target
  
  514266ecbe03893240e9d85f2d3ffdecc2ab09f1ac35cc312ee4112e02d24fe3.xlsx
- Size
  
  14KB
- MD5
  
  b21f485299919357e9a90b9ab275d23a
- SHA1
  
  f70d73fd6646a872428f9082549aebfad445d371
- SHA256
  
  514266ecbe03893240e9d85f2d3ffdecc2ab09f1ac35cc312ee4112e02d24fe3
- SHA512
  
  fb0e94219af45c5c8fe599b74dd139564b885a842c999bd2422d658a12d74446fface38235902493c9b7bff576226e55dd21d1b149645d868479739842b57034
- SSDEEP
  
  384:P4+dXIZwO4vs7zR9IoFTbBgaWab88citqhkA6:g+lIYgIoFTbdWao8/qhkA6
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy