agenttesla | a3ba50f51a82cb93850c1f1b1ec25aaa5512102b7f4f408285f170a028f0c2f2 | Triage

Submit
Reports

Overview

overview

Static

static

5

ETS7718282...09.exe

windows7-x64

ETS7718282...09.exe

windows10-2004-x64

Sharing

General

Target

a3ba50f51a82cb93850c1f1b1ec25aaa5512102b7f4f408285f170a028f0c2f2
Size

573KB
Sample

241122-brdjpsxmfk
MD5

cb7e05a8718e0a6b8f11c4098ddd95f3
SHA1

19145d20a7f34808283ccb1a1a383f4e1a539c64
SHA256

a3ba50f51a82cb93850c1f1b1ec25aaa5512102b7f4f408285f170a028f0c2f2
SHA512

7932906e22605702f1d3f2d182d9cc62114f4456fc589a4673962f327b98c94e8202638da325bf2afffcece5d1f5b62f473ef4795002fbefb2ac4e07b956bc21
SSDEEP

12288:r8AcapJMMDBYCt5d6V7j550hiYrk8loxeFB1fnEtgnl5LrYzra4WP:rF9pJMBYc7t59YrfoUFB1sGLz

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ETS77182828289-CUSI768WSI89W9-NGHY90289920209.exe

Resource

win7-20241010-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ETS77182828289-CUSI768WSI89W9-NGHY90289920209.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cp8nl.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
cy+G_(979n9N
Email To:
[email protected]

Targets

- Target
  
  ETS77182828289-CUSI768WSI89W9-NGHY90289920209.exe
- Size
  
  100.0MB
- MD5
  
  7b2481cab9024074acbb3ec23a9df406
- SHA1
  
  6827629eeb37c2133d8b3a92598e5c5d903e4e9e
- SHA256
  
  c0b78f0f0a9315bf0336034e5787bb08723e633ceabc10f6d2c92d429adbc915
- SHA512
  
  3a78d56a1cd3ec72d840b598263c3288bfd58b06f56fd19701f8eb711c0b9d0b0225c1f8e1effb3478dbeae6943074403a2d5763ca1b7dd78282ef2473b293ea
- SSDEEP
  
  24576:ntb20pkaCqT5TBWgNQ7avMHNAYxGfnQy326A:kVg5tQ7avMqjG5
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy