agenttesla | b4f725b056394286a3c95a2dc158c00e7f9dd5472715acfedbb737a1a8deeab4 | Triage

Submit
Reports

Overview

overview

Static

static

3

PO.2200041757.exe

windows7-x64

PO.2200041757.exe

windows10-2004-x64

Sharing

General

Target

f4c07521487e028a63b7dfd3778d5d36_JaffaCakes118
Size

655KB
Sample

240925-abyn9ssgrk
MD5

f4c07521487e028a63b7dfd3778d5d36
SHA1

066c54694b04efa50866dfb1f9141569792b13df
SHA256

b4f725b056394286a3c95a2dc158c00e7f9dd5472715acfedbb737a1a8deeab4
SHA512

6c560742ec5a7f9c20f527c60b07789b11d61193c2a090f4200b5ed4a92b413ccdef9b5e7745e429a052cc258dd57f80a8ad40d275b4ee6900d62ee4f3ecec0d
SSDEEP

12288:a4AF9DIb/8yW/dRaW2+k7Aia5XSkU/SfbXsv0EZyhVolQwuYZAmZgfpG9WShU:ZeDIAcH2okuRvxuVATZATU9U

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PO.2200041757.exe

Resource

win7-20240708-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO.2200041757.exe

Resource

win10v2004-20240802-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
server283.web-hosting.com
Port:
587
Username:
[email protected]
Password:
L8OYn!$gh;8r

Targets

- Target
  
  PO.2200041757.exe
- Size
  
  749KB
- MD5
  
  c3ec4a8aa7918704724356d0a46bf4e4
- SHA1
  
  beffae358f9b2bcca9d969261c99aa2f7e553a91
- SHA256
  
  db8d3c32ee69788198baaa3b9ee3b2dd7c2a18ae090b6c336c0fd89d6c73bd21
- SHA512
  
  a287a753d098c4a55950f58443dc4e21ed3b504f7e3ad41a707db839dc547385fda9d8fe937f1ea6fd49a0c0378438fc106ab5332dafe898444e2378e06cd787
- SSDEEP
  
  12288:ZDI9QaV4j0frPvO1ig4jBqA+50kC/Gpbls90EJyFVSlQoseFmD0DpG3IS:Zk9XzPqCqANkUB9hYVqseFvA3
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy