agenttesla | e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388 | Triage

Submit
Reports

Overview

overview

Static

static

5

e7413d14be...88.exe

windows7-x64

e7413d14be...88.exe

windows10-2004-x64

7

Sharing

General

Target

e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388.exe
Size

1.4MB
Sample

240727-ch2evatala
MD5

7ccb3c07bf2918bbcad959e27e17f083
SHA1

978f8c090da4173cdf2544b38b5e53aa6fc2fab7
SHA256

e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388
SHA512

22d2552eb839a9643cd939acf70501b91a933b44c29fda7ccfc1bf5c3b1da44229e87dca3177424c23d30b61f76cead0dcd2c25bced77cc141a5ebd6f29c56cc
SSDEEP

24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8aGM8k0V0F0t0Kta4Plh3:1TvC/MTQYxsWR7aGM8Nt0aXd

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388.exe

Resource

win7-20240704-en

agenttesla credential_access discovery keylogger spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388.exe
- Size
  
  1.4MB
- MD5
  
  7ccb3c07bf2918bbcad959e27e17f083
- SHA1
  
  978f8c090da4173cdf2544b38b5e53aa6fc2fab7
- SHA256
  
  e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388
- SHA512
  
  22d2552eb839a9643cd939acf70501b91a933b44c29fda7ccfc1bf5c3b1da44229e87dca3177424c23d30b61f76cead0dcd2c25bced77cc141a5ebd6f29c56cc
- SSDEEP
  
  24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8aGM8k0V0F0t0Kta4Plh3:1TvC/MTQYxsWR7aGM8Nt0aXd
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy