agenttesla | 27840a87db8fe5f9d73b741f7c9d6e0d40d44d3733da053d2d26019398d17d76 | Triage

Submit
Reports

Overview

overview

Static

static

5

27840a87db...76.exe

windows7-x64

27840a87db...76.exe

windows10-2004-x64

Sharing

General

Target

27840a87db8fe5f9d73b741f7c9d6e0d40d44d3733da053d2d26019398d17d76
Size

1.2MB
Sample

240727-bjhtfsxank
MD5

3e940e51c2f61cd8482764ab788fc29c
SHA1

0190e8e9ea92aaab23cca316d1e55eef31bb4f2d
SHA256

27840a87db8fe5f9d73b741f7c9d6e0d40d44d3733da053d2d26019398d17d76
SHA512

8f0b59f1d46d8232cb150a9d7500022e37cac435291d0b4e93ccc7a937dc32d507f193768d55922fedb68402901f6def02f56772a05910d3bc01853c3c069574
SSDEEP

24576:8qDEvCTbMWu7rQYlBQcBiT6rprG8aALarseL2ZFj8Zen86:8TvC/MTQYxsWR7aALZR8Zg8

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

27840a87db8fe5f9d73b741f7c9d6e0d40d44d3733da053d2d26019398d17d76.exe

Resource

win7-20240704-en

agenttesla credential_access discovery keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

27840a87db8fe5f9d73b741f7c9d6e0d40d44d3733da053d2d26019398d17d76.exe

Resource

win10v2004-20240709-en

agenttesla credential_access discovery keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  27840a87db8fe5f9d73b741f7c9d6e0d40d44d3733da053d2d26019398d17d76
- Size
  
  1.2MB
- MD5
  
  3e940e51c2f61cd8482764ab788fc29c
- SHA1
  
  0190e8e9ea92aaab23cca316d1e55eef31bb4f2d
- SHA256
  
  27840a87db8fe5f9d73b741f7c9d6e0d40d44d3733da053d2d26019398d17d76
- SHA512
  
  8f0b59f1d46d8232cb150a9d7500022e37cac435291d0b4e93ccc7a937dc32d507f193768d55922fedb68402901f6def02f56772a05910d3bc01853c3c069574
- SSDEEP
  
  24576:8qDEvCTbMWu7rQYlBQcBiT6rprG8aALarseL2ZFj8Zen86:8TvC/MTQYxsWR7aALZR8Zg8
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy