agenttesla | 423c34b90b87fb13f12fd8f019375be9357fe6b2d46a8e58cd4236192a344086 | Triage

Submit
Reports

Overview

overview

Static

static

3

e91a50f4a8...18.exe

windows7-x64

e91a50f4a8...18.exe

windows10-2004-x64

Sharing

General

Target

e91a50f4a87672e1cdb8ef6993ae2fa3_JaffaCakes118
Size

535KB
Sample

240918-pjheks1fpn
MD5

e91a50f4a87672e1cdb8ef6993ae2fa3
SHA1

8d90d26d920ec4638617a37a12b29e1b565b6fde
SHA256

423c34b90b87fb13f12fd8f019375be9357fe6b2d46a8e58cd4236192a344086
SHA512

b533a97f62620b918eea7f73a7cde08fe5d96ebb0231dc13aded17eb910e4578c32992657e7ded2029608ee6dac41336226dfd671355277e300e31dab55300cd
SSDEEP

12288:5hz6hG6BIZk0Vz9ncDoU420rn0lYniZsHeqw8vjX:sIZk0LcUUB0AOni+8s

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e91a50f4a87672e1cdb8ef6993ae2fa3_JaffaCakes118.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

e91a50f4a87672e1cdb8ef6993ae2fa3_JaffaCakes118.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.tonytonero.biz
Port:
587
Username:
[email protected]
Password:
CHgjCzu8

Targets

- Target
  
  e91a50f4a87672e1cdb8ef6993ae2fa3_JaffaCakes118
- Size
  
  535KB
- MD5
  
  e91a50f4a87672e1cdb8ef6993ae2fa3
- SHA1
  
  8d90d26d920ec4638617a37a12b29e1b565b6fde
- SHA256
  
  423c34b90b87fb13f12fd8f019375be9357fe6b2d46a8e58cd4236192a344086
- SHA512
  
  b533a97f62620b918eea7f73a7cde08fe5d96ebb0231dc13aded17eb910e4578c32992657e7ded2029608ee6dac41336226dfd671355277e300e31dab55300cd
- SSDEEP
  
  12288:5hz6hG6BIZk0Vz9ncDoU420rn0lYniZsHeqw8vjX:sIZk0LcUUB0AOni+8s
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy