agenttesla | 0fb7d8bf94e91104c7207440a869295ad6ab76eed09ab7cba74be2fe66247c96 | Triage

Submit
Reports

Overview

overview

Static

static

5

Ödeme Ona...ı.exe

windows10-2004-x64

Resubmissions

03-09-2024 18:23

240903-w1nq9avamg 10

03-09-2024 18:19

240903-wyny8sthqc 10

Sharing

General

Target

ENTIREMESSAGE.eml
Size

755KB
Sample

240903-w1nq9avamg
MD5

7b4e5d9b135fabc649a47971dfe7e70a
SHA1

7af5d8e188e3b6bff99e9a42bffde760e5283b94
SHA256

0fb7d8bf94e91104c7207440a869295ad6ab76eed09ab7cba74be2fe66247c96
SHA512

6e1569a28fe4d49468e132a5a5fa5828db4010de96576bd0786206ab76d074b0016373cb85674a832afeb63f279adfa3b68fca861512828badb5e462c8a591d2
SSDEEP

12288:K3vVjKPE9jzPf/INO4nMQ/J3PEYaSjt7JWoKWriKNSYnfMuoPegCPOWwukkQHcC5:K3NjZJKnFdaSjtVW5W2KpfMu3W1uE8pa

Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Ödeme Onay Kopyası.exe

Resource

win10v2004-20240802-en

agenttesla credential_access discovery keylogger spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://backup.smartape.ru
Port:
21
Username:
user894492
Password:
w6NZOdcSkH1a

Targets

- Target
  
  Ödeme Onay Kopyası.exe
- Size
  
  1.0MB
- MD5
  
  102f24e21c6ebef365ac013322df92be
- SHA1
  
  1f2ae631345ea1b6ca6570eb3bf3300e40a3d1d9
- SHA256
  
  fa55c7177a87dfc91f227846c8e52fd5f7a073a32e818b5c7f9680784f7c15e2
- SHA512
  
  d9573a1c4d7ca08b5775003284febe2830ce744a4e10d1ca1ec5d350c4b12334a2803fa1bf6adcb6007b4eea176b59df7b932d537bceed347b6e470bdc6b69cd
- SSDEEP
  
  24576:cAHnh+eWsN3skA4RV1Hom2KXMmHarjvnaIRvf8dP5:7h+ZkldoPK8Yarjvbm
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy