agenttesla | 6908b937d7bc9911024afbb8fa131fe03a5b93c75ec788071841086c40c6a6d3 | Triage

Submit
Reports

Overview

overview

Static

static

3

6908b937d7...d3.exe

windows7-x64

6908b937d7...d3.exe

windows10-2004-x64

Sharing

General

Target

6908b937d7bc9911024afbb8fa131fe03a5b93c75ec788071841086c40c6a6d3
Size

646KB
Sample

240629-bfwadazfqn
MD5

ae0c339413af1c890b9931d6d2fd898d
SHA1

95db807fb800bdfee36150094e3b3d57f5caf4aa
SHA256

6908b937d7bc9911024afbb8fa131fe03a5b93c75ec788071841086c40c6a6d3
SHA512

fbf8bc098e8027313a60407391b1cb5e242ec94a972bdcf92333b7c4bdb8232931504bec2cbc3539fd32044873cece2f31bcfacfb943d48e382c6b623412fce4
SSDEEP

12288:8FIsPAMIZFT3ixUrl/8OBmQQVIOg4aQwSOWpTeym3M8shn0cG:+IK/2R3iM/xBmQDl4aQaWlmm0t

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6908b937d7bc9911024afbb8fa131fe03a5b93c75ec788071841086c40c6a6d3.exe

Resource

win7-20240508-en

agenttesla keylogger spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

6908b937d7bc9911024afbb8fa131fe03a5b93c75ec788071841086c40c6a6d3.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://inhanoi.net.vn
Port:
21
Username:
[email protected]
Password:
^TSt3!FK$UBA

Targets

- Target
  
  6908b937d7bc9911024afbb8fa131fe03a5b93c75ec788071841086c40c6a6d3
- Size
  
  646KB
- MD5
  
  ae0c339413af1c890b9931d6d2fd898d
- SHA1
  
  95db807fb800bdfee36150094e3b3d57f5caf4aa
- SHA256
  
  6908b937d7bc9911024afbb8fa131fe03a5b93c75ec788071841086c40c6a6d3
- SHA512
  
  fbf8bc098e8027313a60407391b1cb5e242ec94a972bdcf92333b7c4bdb8232931504bec2cbc3539fd32044873cece2f31bcfacfb943d48e382c6b623412fce4
- SSDEEP
  
  12288:8FIsPAMIZFT3ixUrl/8OBmQQVIOg4aQwSOWpTeym3M8shn0cG:+IK/2R3iM/xBmQDl4aQaWlmm0t
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy