agenttesla | 20429c55a73afdab0975bb4aeac8d61bec3431479a91587850745adc350979d2 | Triage

Submit
Reports

Overview

overview

Static

static

5

20429c55a7...d2.exe

windows7-x64

20429c55a7...d2.exe

windows10-2004-x64

Sharing

General

Target

20429c55a73afdab0975bb4aeac8d61bec3431479a91587850745adc350979d2.exe
Size

1.1MB
Sample

240726-wcd7xaxeke
MD5

f4d1eb5df87d3c4367610ea748e3328f
SHA1

cca9813afa027669b352d9efa864cb3689580383
SHA256

20429c55a73afdab0975bb4aeac8d61bec3431479a91587850745adc350979d2
SHA512

9c36c6aa7f6f18df97ecf0acc2708d96268c54437c8d5411e5a429e5977a4e328f9a0b4c1a4ee7fa8818337d8af5162b06d7d3972207328f06247f094736a91f
SSDEEP

24576:FqDEvCTbMWu7rQYlBQcBiT6rprG8aFoauhP3:FTvC/MTQYxsWR7aFVuhP

Score

10^/10

agenttesla aspackv2 collection credential_access discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

20429c55a73afdab0975bb4aeac8d61bec3431479a91587850745adc350979d2.exe

Resource

win7-20240704-en

agenttesla aspackv2 collection credential_access discovery keylogger spyware stealer trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

20429c55a73afdab0975bb4aeac8d61bec3431479a91587850745adc350979d2.exe

Resource

win10v2004-20240709-en

agenttesla aspackv2 collection credential_access discovery keylogger spyware stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.udpl.top
Port:
587
Username:
[email protected]
Password:
bCj8=*W5G!*n
Email To:
[email protected]

Targets

- Target
  
  20429c55a73afdab0975bb4aeac8d61bec3431479a91587850745adc350979d2.exe
- Size
  
  1.1MB
- MD5
  
  f4d1eb5df87d3c4367610ea748e3328f
- SHA1
  
  cca9813afa027669b352d9efa864cb3689580383
- SHA256
  
  20429c55a73afdab0975bb4aeac8d61bec3431479a91587850745adc350979d2
- SHA512
  
  9c36c6aa7f6f18df97ecf0acc2708d96268c54437c8d5411e5a429e5977a4e328f9a0b4c1a4ee7fa8818337d8af5162b06d7d3972207328f06247f094736a91f
- SSDEEP
  
  24576:FqDEvCTbMWu7rQYlBQcBiT6rprG8aFoauhP3:FTvC/MTQYxsWR7aFVuhP
Score

10^/10

agenttesla aspackv2 collection credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaaspackv2collectioncredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslaaspackv2collectioncredential_accessdiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy