agenttesla | 1fc8b5c5918ef41de9ccf05cd39c738bf16df4ab6ed7538145fe6f89419f354a | Triage

Submit
Reports

Overview

overview

Static

static

3

1fc8b5c591...4a.exe

windows7-x64

1fc8b5c591...4a.exe

windows10-2004-x64

Sharing

General

Target

1fc8b5c5918ef41de9ccf05cd39c738bf16df4ab6ed7538145fe6f89419f354a
Size

589KB
Sample

240629-bn6q3sxdpe
MD5

ba7f90c3b1d6f90ccaa58b8e9a439662
SHA1

80912e5f54155a5a384e134196420f696fb7d406
SHA256

1fc8b5c5918ef41de9ccf05cd39c738bf16df4ab6ed7538145fe6f89419f354a
SHA512

ecd7ef167590699212e082e940591347dc7339192ed2a51a926ca0b9ec4dc39e2e6f7fb61636ddf59273b1772aa7d8e36c74d7a0ca15ef24eed2f9ba2f31de0d
SSDEEP

12288:ZOK+cDtCaKVvTkLsDSdWkORQUiLcXW3XJ64DGzZMueipqDKMM:EGAZVL1D0CEcXWZ64mZMWM

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1fc8b5c5918ef41de9ccf05cd39c738bf16df4ab6ed7538145fe6f89419f354a.exe

Resource

win7-20240419-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

1fc8b5c5918ef41de9ccf05cd39c738bf16df4ab6ed7538145fe6f89419f354a.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.caldas-cca.com
Port:
587
Username:
[email protected]
Password:
M34gN34sZS0Az
Email To:
[email protected]

Targets

- Target
  
  1fc8b5c5918ef41de9ccf05cd39c738bf16df4ab6ed7538145fe6f89419f354a
- Size
  
  589KB
- MD5
  
  ba7f90c3b1d6f90ccaa58b8e9a439662
- SHA1
  
  80912e5f54155a5a384e134196420f696fb7d406
- SHA256
  
  1fc8b5c5918ef41de9ccf05cd39c738bf16df4ab6ed7538145fe6f89419f354a
- SHA512
  
  ecd7ef167590699212e082e940591347dc7339192ed2a51a926ca0b9ec4dc39e2e6f7fb61636ddf59273b1772aa7d8e36c74d7a0ca15ef24eed2f9ba2f31de0d
- SSDEEP
  
  12288:ZOK+cDtCaKVvTkLsDSdWkORQUiLcXW3XJ64DGzZMueipqDKMM:EGAZVL1D0CEcXWZ64mZMWM
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy