agenttesla | 5eda1a970e778c1a561598fdd6986e0a4d926b80627b12dfc10e01134a1f4f63 | Triage

Submit
Reports

Overview

overview

Static

static

3

2748045d54...18.exe

windows7-x64

2748045d54...18.exe

windows10-2004-x64

Sharing

General

Target

2748045d542d232ac39ebb7e9bc94c16_JaffaCakes118
Size

475KB
Sample

241008-3ve1gszekk
MD5

2748045d542d232ac39ebb7e9bc94c16
SHA1

c538591916470d37aaf838dd49b23c7028f7c51c
SHA256

5eda1a970e778c1a561598fdd6986e0a4d926b80627b12dfc10e01134a1f4f63
SHA512

64080da588204da20184a9d6f2537df26ede1b9785bb71a96c1a8cf09e878d2dfa60b7471c4dafc5807845524174b04066c890be7e77b1652c3d1967265325b6
SSDEEP

12288:E3taORhPVcmcjwNRkwfJptUO76UJ4roU7h7AN3gB+M9eZaPRsXvo0AKqgqVa:E3kOTKUYAC9UAoShsKB+ML/A

Score

10^/10

agenttesla collection credential_access discovery evasion keylogger persistence privilege_escalation rezer0 spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2748045d542d232ac39ebb7e9bc94c16_JaffaCakes118.exe

Resource

win7-20240708-en

agenttesla collection credential_access discovery evasion keylogger persistence privilege_escalation rezer0 spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

2748045d542d232ac39ebb7e9bc94c16_JaffaCakes118.exe

Resource

win10v2004-20241007-en

agenttesla collection credential_access discovery evasion keylogger persistence privilege_escalation rezer0 spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.dianaglobalmandiri.com
Port:
587
Username:
[email protected]
Password:
Batam2019

Targets

- Target
  
  2748045d542d232ac39ebb7e9bc94c16_JaffaCakes118
- Size
  
  475KB
- MD5
  
  2748045d542d232ac39ebb7e9bc94c16
- SHA1
  
  c538591916470d37aaf838dd49b23c7028f7c51c
- SHA256
  
  5eda1a970e778c1a561598fdd6986e0a4d926b80627b12dfc10e01134a1f4f63
- SHA512
  
  64080da588204da20184a9d6f2537df26ede1b9785bb71a96c1a8cf09e878d2dfa60b7471c4dafc5807845524174b04066c890be7e77b1652c3d1967265325b6
- SSDEEP
  
  12288:E3taORhPVcmcjwNRkwfJptUO76UJ4roU7h7AN3gB+M9eZaPRsXvo0AKqgqVa:E3kOTKUYAC9UAoShsKB+ML/A
Score

10^/10

agenttesla collection credential_access discovery evasion keylogger persistence privilege_escalation rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectioncredential_accessdiscoveryevasionkeyloggerpersistenceprivilege_escalationrezer0spywarestealertrojan

behavioral2

agentteslacollectioncredential_accessdiscoveryevasionkeyloggerpersistenceprivilege_escalationrezer0spywarestealertrojan

© 2018-2025

Terms | Privacy