agenttesla | 94d32b344c1359f2f20cab6cefec880e6d9d69200d8e45a879c4791df7f7956f | Triage

Submit
Reports

Overview

overview

Static

static

3

e71370db15...18.exe

windows7-x64

e71370db15...18.exe

windows10-2004-x64

Sharing

General

Target

e71370db15b7578f635387357f199123_JaffaCakes118
Size

774KB
Sample

240917-schzbazbkk
MD5

e71370db15b7578f635387357f199123
SHA1

2c9ef3a68476d38449eae824bdda50b56e122370
SHA256

94d32b344c1359f2f20cab6cefec880e6d9d69200d8e45a879c4791df7f7956f
SHA512

dfe03b35eb20847fe7ff722f9c512904b5811f449eb8daa924cbbd2044a3097ee93116e94b4afe9859672124abc746c42f32160d134a15f0a23d7b8b9d033de5
SSDEEP

12288:cg0kFvLtl8i7s82ELtECtihRXoQknMS0cVMCZrpwcFolcXhmmJ1pTtOa:clkNEiLtECtihR4gcpZyC4Eh1

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e71370db15b7578f635387357f199123_JaffaCakes118.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

e71370db15b7578f635387357f199123_JaffaCakes118.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.cgmpharma.com
Port:
587
Username:
[email protected]
Password:
pakcgm123

Targets

- Target
  
  e71370db15b7578f635387357f199123_JaffaCakes118
- Size
  
  774KB
- MD5
  
  e71370db15b7578f635387357f199123
- SHA1
  
  2c9ef3a68476d38449eae824bdda50b56e122370
- SHA256
  
  94d32b344c1359f2f20cab6cefec880e6d9d69200d8e45a879c4791df7f7956f
- SHA512
  
  dfe03b35eb20847fe7ff722f9c512904b5811f449eb8daa924cbbd2044a3097ee93116e94b4afe9859672124abc746c42f32160d134a15f0a23d7b8b9d033de5
- SSDEEP
  
  12288:cg0kFvLtl8i7s82ELtECtihRXoQknMS0cVMCZrpwcFolcXhmmJ1pTtOa:clkNEiLtECtihR4gcpZyC4Eh1
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy