agenttesla | 00165d631307624f2525756d3e8156c0c8530192f0115f50d1ce05e95c5924e7 | Triage

Submit
Reports

Overview

overview

Static

static

5

00165d6313...e7.exe

windows7-x64

00165d6313...e7.exe

windows10-2004-x64

Sharing

General

Target

00165d631307624f2525756d3e8156c0c8530192f0115f50d1ce05e95c5924e7.exe
Size

1.1MB
Sample

241122-hmnbnssjfl
MD5

8824b4c14b081c61bd43db33be274a8f
SHA1

a320d33b0440a6a12c94987d36098d3c817e38f4
SHA256

00165d631307624f2525756d3e8156c0c8530192f0115f50d1ce05e95c5924e7
SHA512

d5a3a636c707f3011df480d63e6c5b78ad13337aab8dbf86e8035634d8d7b9cf2a27f965376104714cbd616bc648fd43c368290ea4003ccfe6ae670ed4023f13
SSDEEP

24576:0tb20pkaCqT5TBWgNQ7aiyEnGlxD0S3XEF6Ae:dVg5tQ7aiyEaDo5e

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

00165d631307624f2525756d3e8156c0c8530192f0115f50d1ce05e95c5924e7.exe

Resource

win7-20240729-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

00165d631307624f2525756d3e8156c0c8530192f0115f50d1ce05e95c5924e7.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.pgsu.co.id
Port:
587
Username:
[email protected]
Password:
Vecls16@Vezs
Email To:
[email protected]

Targets

- Target
  
  00165d631307624f2525756d3e8156c0c8530192f0115f50d1ce05e95c5924e7.exe
- Size
  
  1.1MB
- MD5
  
  8824b4c14b081c61bd43db33be274a8f
- SHA1
  
  a320d33b0440a6a12c94987d36098d3c817e38f4
- SHA256
  
  00165d631307624f2525756d3e8156c0c8530192f0115f50d1ce05e95c5924e7
- SHA512
  
  d5a3a636c707f3011df480d63e6c5b78ad13337aab8dbf86e8035634d8d7b9cf2a27f965376104714cbd616bc648fd43c368290ea4003ccfe6ae670ed4023f13
- SSDEEP
  
  24576:0tb20pkaCqT5TBWgNQ7aiyEnGlxD0S3XEF6Ae:dVg5tQ7aiyEaDo5e
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy