agenttesla | c938f50c50ab42dbfb0ddb9fc53b2e71f260ab2312f1ecab9ddaab271826c1ce | Triage

Submit
Reports

Overview

overview

Static

static

5

hesaphareketi-01.exe

windows7-x64

hesaphareketi-01.exe

windows10-2004-x64

Sharing

General

Target

c938f50c50ab42dbfb0ddb9fc53b2e71f260ab2312f1ecab9ddaab271826c1ce
Size

791KB
Sample

240727-bjl6wazejh
MD5

fe7721cbfe9ddf1b369258746ae08e35
SHA1

9b736ee9e7fe8d021314cbd1cb9e5869e9e8f69a
SHA256

c938f50c50ab42dbfb0ddb9fc53b2e71f260ab2312f1ecab9ddaab271826c1ce
SHA512

dc5c993b6e60ead9ff6a885c78a7ae16bb10526220ba41c667ae2c11eb19f22cd9444bea5ba3097154ca27f8f88cee2a38715da57d61a5e5d0dafd8d46b9d98d
SSDEEP

24576:5Nv5o1/EyNUVMJ6/iliG3v8kMVCFcp0Ktg4JlTcN:Xv8/SVMBliG3v8Pp0axrgN

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

hesaphareketi-01.exe

Resource

win7-20240705-en

agenttesla credential_access discovery keylogger spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

hesaphareketi-01.exe

Resource

win10v2004-20240709-en

agenttesla credential_access discovery keylogger spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  hesaphareketi-01.exe
- Size
  
  1.4MB
- MD5
  
  7ccb3c07bf2918bbcad959e27e17f083
- SHA1
  
  978f8c090da4173cdf2544b38b5e53aa6fc2fab7
- SHA256
  
  e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388
- SHA512
  
  22d2552eb839a9643cd939acf70501b91a933b44c29fda7ccfc1bf5c3b1da44229e87dca3177424c23d30b61f76cead0dcd2c25bced77cc141a5ebd6f29c56cc
- SSDEEP
  
  24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8aGM8k0V0F0t0Kta4Plh3:1TvC/MTQYxsWR7aGM8Nt0aXd
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy