agenttesla | ed500acf4e5c900246bcd04362797cb2bf31b660923e76a6021e8d73566d1588 | Triage

Submit
Reports

Overview

overview

Static

static

3

Nueva orde...ra.exe

windows7-x64

3

Nueva orde...ra.exe

windows10-2004-x64

Sharing

General

Target

ed500acf4e5c900246bcd04362797cb2bf31b660923e76a6021e8d73566d1588
Size

3.0MB
Sample

241121-b2mkcsxpbs
MD5

211c691ad801ee7377763ab5bc5112e3
SHA1

17960d3c80015323882863b65add16db95a53bfc
SHA256

ed500acf4e5c900246bcd04362797cb2bf31b660923e76a6021e8d73566d1588
SHA512

7db43eeaa7743942a151106212953975522f2dd0ea3ca0def5a682455922e65dd4778b1b9690ece3c1d8a8141ef72494fb7ce23b22220747967a17522c5a24ec
SSDEEP

49152:A9k+zZawhV31v3NayRZ5o0r6vF1wWaNMC+Hj6QLGrGXTOuKsYWDBVbz+Z+XH04Nx:A9kiFhfvBz5oOOu/jGYGjWWFpyZ+jhp

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Nueva orden de compra.exe

Resource

win7-20240903-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Nueva orden de compra.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.santonswitchgears.com
Port:
587
Username:
[email protected]
Password:
cJPF@$I3
Email To:
[email protected]

Targets

- Target
  
  Nueva orden de compra.exe
- Size
  
  7.1MB
- MD5
  
  9b2c361b77d2a5198602a24b473b506a
- SHA1
  
  01a4beda7991a7d5ad9717e25e3d47d219dec1f9
- SHA256
  
  9ebb6978d40e7e5870ee40d426ccc6cf7eff686b5d95375399c6d15388067f0d
- SHA512
  
  3fb44a807dc6bc1aaf97f7a39b06a870d1f8d19429cd699b1839ee4233d1267ab3fac535255b49d07d32937e79df888c1e75c52a725405b416ed99236465741e
- SSDEEP
  
  98304:YlaHVJHFOv9GJ6RiiOPriSL+pMI6cNKu4X2XfQ9rr6YrxV:ZHzFOvcOS0MRcNz4mI9qYtV
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy