agenttesla | d743b898fae4703c90255dbe19cfee6c2c5cbe7bde2eb6fc6c6d3fd4a06af644 | Triage

Submit
Reports

Overview

overview

Static

static

3

d743b898fa...44.exe

windows7-x64

d743b898fa...44.exe

windows10-2004-x64

Sharing

General

Target

d743b898fae4703c90255dbe19cfee6c2c5cbe7bde2eb6fc6c6d3fd4a06af644
Size

481KB
Sample

240630-bc6a6svbmj
MD5

1304062712eb3b4a6b57788c3b9ba038
SHA1

f17492069cf3ecb5fd04eb17e97dca33ea994989
SHA256

d743b898fae4703c90255dbe19cfee6c2c5cbe7bde2eb6fc6c6d3fd4a06af644
SHA512

55b2b126937413292508d47f56e27d26124c8c1cf79da92eb024aa0f8557a35e28e791079cc904ef2c8b46d5c73104593054c67ceb54a09a16f6171be8047440
SSDEEP

12288:LH6UjejvWv8DqvVpKSrtV5ZI4UN2MBFI:LaUj0Wv8DsmSrt99d

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d743b898fae4703c90255dbe19cfee6c2c5cbe7bde2eb6fc6c6d3fd4a06af644.exe

Resource

win7-20240611-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d743b898fae4703c90255dbe19cfee6c2c5cbe7bde2eb6fc6c6d3fd4a06af644.exe

Resource

win10v2004-20240611-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.code-jet.com
Port:
21
Username:
[email protected]
Password:
F$T3)1@zYr&V

Targets

- Target
  
  d743b898fae4703c90255dbe19cfee6c2c5cbe7bde2eb6fc6c6d3fd4a06af644
- Size
  
  481KB
- MD5
  
  1304062712eb3b4a6b57788c3b9ba038
- SHA1
  
  f17492069cf3ecb5fd04eb17e97dca33ea994989
- SHA256
  
  d743b898fae4703c90255dbe19cfee6c2c5cbe7bde2eb6fc6c6d3fd4a06af644
- SHA512
  
  55b2b126937413292508d47f56e27d26124c8c1cf79da92eb024aa0f8557a35e28e791079cc904ef2c8b46d5c73104593054c67ceb54a09a16f6171be8047440
- SSDEEP
  
  12288:LH6UjejvWv8DqvVpKSrtV5ZI4UN2MBFI:LaUj0Wv8DsmSrt99d
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy