agenttesla | 16f69da1fcedad7515ae79d1f26d387a16860b4b769cd3d8aff8e687a95becef | Triage

Submit
Reports

Overview

overview

Static

static

5

Purchase O...32.exe

windows7-x64

Purchase O...32.exe

windows10-2004-x64

Sharing

General

Target

6ecc2e24f9ab6b0d0e8120ee8044a4f9_JaffaCakes118
Size

972KB
Sample

240524-rkcxlagg6w
MD5

6ecc2e24f9ab6b0d0e8120ee8044a4f9
SHA1

dfd856816ceb42ab7e629d588278c821e04de485
SHA256

16f69da1fcedad7515ae79d1f26d387a16860b4b769cd3d8aff8e687a95becef
SHA512

a7ee491b93a648984555d632a7927b6b1a101f27feca49bf5e9f043fa3d1b72afb567ebe82777ecc14d03b82328432ed54fccb006c07e1ce1a8cab2164ae3778
SSDEEP

24576:3NruLqTirgtYZbHl7hUZgU4rwz6sgkrfkR:RuLkirg2VTU4rahfC

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Purchase Order 5532.exe

Resource

win7-20240419-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Purchase Order 5532.exe

Resource

win10v2004-20240508-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
vicanto1994

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
vicanto1994

Targets

- Target
  
  Purchase Order 5532.exe
- Size
  
  1.4MB
- MD5
  
  015ce7c47e830240e1cd65ef106d6c76
- SHA1
  
  a482f9ffe8c8328fd32d6c6f71646169a2fd0fa9
- SHA256
  
  c1929f1b7cf65c645f61b109bfd01aee7af27003a36d1b68e27425f6eaba810e
- SHA512
  
  d38da866d37e8d8bd2e8403cf9891aeb9152e27327d7965b846ff942e246d1d072373b5905333220625e2781e7debd8fc78ae7a7c4d918d9bddc9aaa2024b942
- SSDEEP
  
  24576:ytb20pkaCqT5TBWgNQ7avfuvcUSRSRHPkIPZ1PWLg/j0zfaH3cgL6A:/Vg5tQ7avchlRnef6n5
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy