agenttesla | 29e5a652f861c21a69b78ba724c03215c290b8a7e0d834918f69c61dc69b25cf | Triage

Submit
Reports

Overview

overview

Static

static

3

IlluminatiFree.exe

windows7-x64

IlluminatiFree.exe

windows10-2004-x64

Sharing

General

Target

Loader (1).zip
Size

3.2MB
Sample

240808-gg3zhatfnb
MD5

af9b31446ea243020243291a13b87614
SHA1

935beb4fa5a2ca10d68a5d274f1461cdd65effaf
SHA256

29e5a652f861c21a69b78ba724c03215c290b8a7e0d834918f69c61dc69b25cf
SHA512

982c96db3d9e0ce43ee486f94b546f9539c60ea77bab598ba211f7bd3a4a9b51f91aa77f554fdb8883ca101cdcfe0e5c1f50f00e8d567b581e2c80606fc1ce0c
SSDEEP

98304:Cz4ctBt1exSHMfGwCPLH9j/ZngDUzpKx9aVtMG7PZO5ci:U4Cw4sf7CPLdbeA09wtx7PZVi

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

IlluminatiFree.exe

Resource

win7-20240704-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

IlluminatiFree.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  IlluminatiFree.exe
- Size
  
  3.4MB
- MD5
  
  0d2b81676d5454aa2d64f4e3d5492065
- SHA1
  
  da217be8be81f371c35c949b067306d58bc7edc4
- SHA256
  
  3159c15e685d17e6349b5b23487380cfa8b2f18a0d8e6db72b5a64ef6eb0a694
- SHA512
  
  d92805b3cdc418b22a31439b4d494d014c15b58500af028f8398a006dac0c71e264e30ae25007a3662bac10eb02337db0e5974bdc94971df88d639070a3e6b34
- SSDEEP
  
  98304:RtZ1Bb/WtqjM/ECMPXpJxPDREVUTpybRyVpKGXdfW1c:T/E04/FMPXLl2WyRop7Xdfd
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy