agenttesla | 38a9dbdabbc017c160e963e4d2f6db2c9fa2f3b85d7e4e4f390259980549168e | Triage

Submit
Reports

Overview

overview

Static

static

5

ÖDEME ONA...SI.exe

windows7-x64

ÖDEME ONA...SI.exe

windows10-2004-x64

Sharing

General

Target

24092024_1245_23092024_ÖDEME ONAY KOPYASI.rar
Size

769KB
Sample

240924-pzgszsyeld
MD5

aa0ff09a1ec495b97931f6b43da21efb
SHA1

42a0c2f009d1341886f91d3f44fb9c46ea94da30
SHA256

38a9dbdabbc017c160e963e4d2f6db2c9fa2f3b85d7e4e4f390259980549168e
SHA512

95be55eaa265a1619e7dda28a35f9b75ea501c42c5b54672fc2f58384389330fbed89df0ee11ec0f66590fe6a1a1df0a0a83915096744f1a7befa815bf0d6978
SSDEEP

12288:9sNx+QKbK8kIyYCedTnjjx90TgxfzihICsoE4XShBnA1E1cy39yud6pO1v17:9U+Q7KyXethiUmhXDQBA2ag9yu7z

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ÖDEME ONAY KOPYASI.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

10 signatures

300 seconds

Behavioral task

behavioral2

Sample

ÖDEME ONAY KOPYASI.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

300 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://backup.smartape.ru
Port:
21
Username:
user894492
Password:
w6NZOdcSkH1a

Targets

- Target
  
  ÖDEME ONAY KOPYASI.exe
- Size
  
  1.1MB
- MD5
  
  47e0c8a5f7944434a3d4ad5ac4a15125
- SHA1
  
  5b6fcee7b0d864e40737e32e749589b8c865c9bb
- SHA256
  
  7cc56147572d2708ff6bed42835676269d39ce647e4796087a5687aec53dda0b
- SHA512
  
  f70eb955154cd90acc3efae049048f052d6cd8434015c99ebc2195d30a2f22324356bd7883c8ee4b453da13b8274b831d183db5f76e5368ca2c4047b083fe031
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCYfb7ffxUuQSYh3NjUk9W5o3:7JZoQrbTFZY1iaCYfH5PQz973
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy