agenttesla | 8eb3e44e674b6de99f23682ee8bc103d6f9f1bbb3b2a27e26dd8e358d69a8e5c | Triage

Submit
Reports

Overview

overview

Static

static

3

8eb3e44e67...5c.exe

windows7-x64

5

8eb3e44e67...5c.exe

windows10-2004-x64

Sharing

General

Target

8eb3e44e674b6de99f23682ee8bc103d6f9f1bbb3b2a27e26dd8e358d69a8e5c
Size

2.4MB
Sample

240630-bc7h8s1cqb
MD5

857f5541615746f6497138f5c5a1b2ab
SHA1

1f900aa6a6f6b2c6efad064721dc5e0bbcb08fc4
SHA256

8eb3e44e674b6de99f23682ee8bc103d6f9f1bbb3b2a27e26dd8e358d69a8e5c
SHA512

2a1c9b4c4687bdb72dd53926c9957594d1bb2dd68bd4c9060ea6971d179f45a4d1d626ea2decfff3d94b5cf7ed848c80920126ef63a26214d056a629145c544b
SSDEEP

49152:COp8FE9CCy3++Mqmzetum6rlC5Sp3W6moVCiFCs/kb5K:COESN44gum6rlCsNj4xb5

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8eb3e44e674b6de99f23682ee8bc103d6f9f1bbb3b2a27e26dd8e358d69a8e5c.exe

Resource

win7-20240611-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

8eb3e44e674b6de99f23682ee8bc103d6f9f1bbb3b2a27e26dd8e358d69a8e5c.exe

Resource

win10v2004-20240611-en

agenttesla execution keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.winnerawards.ae
Port:
587
Username:
[email protected]
Password:
azharwinner
Email To:
[email protected]

Targets

- Target
  
  8eb3e44e674b6de99f23682ee8bc103d6f9f1bbb3b2a27e26dd8e358d69a8e5c
- Size
  
  2.4MB
- MD5
  
  857f5541615746f6497138f5c5a1b2ab
- SHA1
  
  1f900aa6a6f6b2c6efad064721dc5e0bbcb08fc4
- SHA256
  
  8eb3e44e674b6de99f23682ee8bc103d6f9f1bbb3b2a27e26dd8e358d69a8e5c
- SHA512
  
  2a1c9b4c4687bdb72dd53926c9957594d1bb2dd68bd4c9060ea6971d179f45a4d1d626ea2decfff3d94b5cf7ed848c80920126ef63a26214d056a629145c544b
- SSDEEP
  
  49152:COp8FE9CCy3++Mqmzetum6rlC5Sp3W6moVCiFCs/kb5K:COESN44gum6rlCsNj4xb5
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy