agenttesla | 34a592414a902d096243319006d5fadd5e3b41dc4f0e299d3fb33d25b7ab64d6 | Triage

Submit
Reports

Overview

overview

Static

static

5

TRANSFEREN...86.exe

windows7-x64

TRANSFEREN...86.exe

windows10-2004-x64

Sharing

General

Target

34a592414a902d096243319006d5fadd5e3b41dc4f0e299d3fb33d25b7ab64d6
Size

535KB
Sample

241121-bhp65sxapa
MD5

d45d38c56b0d48886251f35534cc4c21
SHA1

bcdbd9a77affe05ca7a54710769af4f1a7a71ada
SHA256

34a592414a902d096243319006d5fadd5e3b41dc4f0e299d3fb33d25b7ab64d6
SHA512

450d1df6dad5ec8000983ff48a561cbba03892a19d1e7cd5a53e08131766137e0964344e55167301de2926435f95b4d67ba9f52f79766d885a6c2c98be4d9a59
SSDEEP

12288:SC2vUzXs6YubDEBtHY1+Xl8Ft8IaubT16/s:SC2vUzc6YUDEBt4wXl0t1aubTl

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

TRANSFERENCIA BANCA ELECTRONICA_9786.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

TRANSFERENCIA BANCA ELECTRONICA_9786.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.fosna.net
Port:
21
Username:
[email protected]
Password:
=A+N^@~c]~#I

Targets

- Target
  
  TRANSFERENCIA BANCA ELECTRONICA_9786.exe
- Size
  
  1020KB
- MD5
  
  ec54ec96f798986e11e21ae30143d86f
- SHA1
  
  08d5f0df9b9b930df3239dd7d3708f2657c9bf7a
- SHA256
  
  ee135e88c1e612f8298bbd73b83b6276e3654a1dfdbc92bfd0a58357d69ad9a3
- SHA512
  
  0299e4043aa6b130a75aa6b86ce268a9be6729e0daadf6fec079a76fddaa29e1bc85c9f21c0829703ef7ffa8d138f99a8bbd3c81a0fce5d84ec6588ac3095d37
- SSDEEP
  
  24576:ju6J33O0c+JY5UZ+XC0kGso6Faku/9ASEiGOLbnWY:tu0c++OCvkGs9Faku/KPLiiY
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy