agenttesla | 4481478226dbd7b7fe7d62ea95982a8998bbf1f21c7cc6c68774a1f73b7ae76c | Triage

Submit
Reports

Overview

overview

Static

static

3

4481478226...6c.exe

windows7-x64

4481478226...6c.exe

windows10-2004-x64

Sharing

General

Target

4481478226dbd7b7fe7d62ea95982a8998bbf1f21c7cc6c68774a1f73b7ae76c
Size

633KB
Sample

240629-bfvzlszfqm
MD5

dc7edd2981253d70f927e5e80052fd61
SHA1

49c06d94cfdb5ba15baf5f376d3fde450d0300b7
SHA256

4481478226dbd7b7fe7d62ea95982a8998bbf1f21c7cc6c68774a1f73b7ae76c
SHA512

790d358025cb5fe3a6e9de43d83d0f8e2c72e5ba7a548f00fc234fd6694adb645b4ed85a70c606803261964f9cb8b5e049983e799c255a70c5f855e24c0bd32c
SSDEEP

12288:t9KbZRDVMz3CsTCkH1x2CyWL8UMzd6AIQs0tDXto1VS+pZIIU558SwoamVil2IO:t71THxvyWLkpqVS+oIU558SwuM

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4481478226dbd7b7fe7d62ea95982a8998bbf1f21c7cc6c68774a1f73b7ae76c.exe

Resource

win7-20240220-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

4481478226dbd7b7fe7d62ea95982a8998bbf1f21c7cc6c68774a1f73b7ae76c.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://inhanoi.net.vn
Port:
21
Username:
[email protected]
Password:
^TSt3!FK$UBA

Targets

- Target
  
  4481478226dbd7b7fe7d62ea95982a8998bbf1f21c7cc6c68774a1f73b7ae76c
- Size
  
  633KB
- MD5
  
  dc7edd2981253d70f927e5e80052fd61
- SHA1
  
  49c06d94cfdb5ba15baf5f376d3fde450d0300b7
- SHA256
  
  4481478226dbd7b7fe7d62ea95982a8998bbf1f21c7cc6c68774a1f73b7ae76c
- SHA512
  
  790d358025cb5fe3a6e9de43d83d0f8e2c72e5ba7a548f00fc234fd6694adb645b4ed85a70c606803261964f9cb8b5e049983e799c255a70c5f855e24c0bd32c
- SSDEEP
  
  12288:t9KbZRDVMz3CsTCkH1x2CyWL8UMzd6AIQs0tDXto1VS+pZIIU558SwoamVil2IO:t71THxvyWLkpqVS+oIU558SwuM
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy