agenttesla | 0eca094ac422e8d7b0b58532b5a1fb7a59b4cc6cb6bbe1ec49259ebf10522ae5 | Triage

Submit
Reports

Overview

overview

Static

static

0eca094ac4...e5.exe

windows7-x64

0eca094ac4...e5.exe

windows10-2004-x64

Sharing

General

Target

0eca094ac422e8d7b0b58532b5a1fb7a59b4cc6cb6bbe1ec49259ebf10522ae5.exe
Size

2.0MB
Sample

240524-bdwhcsfe4v
MD5

456442e5615445a54f15eae38140c50a
SHA1

f81074ce9855601a33b97fb357fbee1bbdd7fcf6
SHA256

0eca094ac422e8d7b0b58532b5a1fb7a59b4cc6cb6bbe1ec49259ebf10522ae5
SHA512

b69f617e0deb48af12f230dcf016211f94eea612f364357d84e96499f61b1bdc028cca43bbfa7f8f169b2645f6f6d6f243671e4c10ab2080f9c5896b45bc8ed0
SSDEEP

24576:oynjN3fi9dEoZR814OEQjls30eTFxmT4i8eMOq52jOXuq01dKqOFWYuO:ZjN3CdJ81nEQhs30e1uqsrOFA

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0eca094ac422e8d7b0b58532b5a1fb7a59b4cc6cb6bbe1ec49259ebf10522ae5.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

0eca094ac422e8d7b0b58532b5a1fb7a59b4cc6cb6bbe1ec49259ebf10522ae5.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cp8nl.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#$
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
cp8nl.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#$

Targets

- Target
  
  0eca094ac422e8d7b0b58532b5a1fb7a59b4cc6cb6bbe1ec49259ebf10522ae5.exe
- Size
  
  2.0MB
- MD5
  
  456442e5615445a54f15eae38140c50a
- SHA1
  
  f81074ce9855601a33b97fb357fbee1bbdd7fcf6
- SHA256
  
  0eca094ac422e8d7b0b58532b5a1fb7a59b4cc6cb6bbe1ec49259ebf10522ae5
- SHA512
  
  b69f617e0deb48af12f230dcf016211f94eea612f364357d84e96499f61b1bdc028cca43bbfa7f8f169b2645f6f6d6f243671e4c10ab2080f9c5896b45bc8ed0
- SSDEEP
  
  24576:oynjN3fi9dEoZR814OEQjls30eTFxmT4i8eMOq52jOXuq01dKqOFWYuO:ZjN3CdJ81nEQhs30e1uqsrOFA
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing Windows vault credential objects. Observed in infostealers
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy