agenttesla | 0fd074d5c884fa43b879d5611936d497ddfbff034580f1b4cf35ecf99151b5b1 | Triage

Submit
Reports

Overview

overview

Static

static

3

MedWingNT_...f .exe

windows7-x64

MedWingNT_...f .exe

windows10-2004-x64

Sharing

General

Target

6c02710a77793c2cbbe772297dd6a16b_JaffaCakes118
Size

566KB
Sample

240523-x2ck2sdb94
MD5

6c02710a77793c2cbbe772297dd6a16b
SHA1

506edf76be43036ff202e47f060bae6ad406b110
SHA256

0fd074d5c884fa43b879d5611936d497ddfbff034580f1b4cf35ecf99151b5b1
SHA512

9d2f3cc997b8d149ee80c10ab4bec614428238f0b494e2ebd852f273bb75e4406d6024c02491040a7b57eb022123c4d7cca20af8f31a5b263c0b5a59d707fbcd
SSDEEP

12288:WxEk87ebCQ2wUpRSs5YtU54liluVJ8Z0famD:wrCQ2wUpRSs+akFVaZ0fai

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

MedWingNT_04_TT TP012080202014404 pdf .exe

Resource

win7-20240221-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

MedWingNT_04_TT TP012080202014404 pdf .exe

Resource

win10v2004-20240508-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.papir-kiev.com
Port:
587
Username:
[email protected]
Password:
Greatness@2020

Targets

- Target
  
  MedWingNT_04_TT TP012080202014404 pdf .exe
- Size
  
  851KB
- MD5
  
  c665924dd7dbd383b39a78f781d9b1ff
- SHA1
  
  04edec874b0bc40cfda48095f75f9ff21b76ef80
- SHA256
  
  3d84d5e663d7a56d40a164bfa46bf86aeb1a0f47659d9eda7e6b273605f1eb07
- SHA512
  
  0d399e909835b79e55d572c58911f2a3e9869a5194c83f92a1b27081f7b9066be82c6e234d69175d30ed12ca74c87be077d60ac7e8d732bb9e54751a476d202b
- SSDEEP
  
  24576:i36tgdwdG2dqTdJdqiUNqW4vRBC9RH1q:i36tbdgdJdBU8WiRkk
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy