agenttesla | 1a9279c50b83568449cd021223a9e331bd93860f5197b35e44bca71fed640e41 | Triage

Submit
Reports

Overview

overview

Static

static

5

1a9279c50b...41.exe

windows7-x64

1a9279c50b...41.exe

windows10-2004-x64

Sharing

General

Target

1a9279c50b83568449cd021223a9e331bd93860f5197b35e44bca71fed640e41
Size

1.0MB
Sample

240630-bfgf8a1dmg
MD5

8dc74fb486d68b27282f56ad1a7de078
SHA1

abe5a0279e453c15f33e7fc48301e1aa4367d266
SHA256

1a9279c50b83568449cd021223a9e331bd93860f5197b35e44bca71fed640e41
SHA512

d125ef4ca12abef43d8844c969ef109c9376d0f32e11def4a0822f3ea028d9436bc768d31d943b67dd7607a53f486488e043b9f5b1df5258e646b2e80aea0678
SSDEEP

24576:vAHnh+eWsN3skA4RV1Hom2KXMmHalZaFNjmSEsjv5:Sh+ZkldoPK8Yalmei

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1a9279c50b83568449cd021223a9e331bd93860f5197b35e44bca71fed640e41.exe

Resource

win7-20240508-en

agenttesla keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a9279c50b83568449cd021223a9e331bd93860f5197b35e44bca71fed640e41.exe

Resource

win10v2004-20240611-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.fosna.net
Port:
21
Username:
[email protected]
Password:
u;4z3V.Iir1l

Targets

- Target
  
  1a9279c50b83568449cd021223a9e331bd93860f5197b35e44bca71fed640e41
- Size
  
  1.0MB
- MD5
  
  8dc74fb486d68b27282f56ad1a7de078
- SHA1
  
  abe5a0279e453c15f33e7fc48301e1aa4367d266
- SHA256
  
  1a9279c50b83568449cd021223a9e331bd93860f5197b35e44bca71fed640e41
- SHA512
  
  d125ef4ca12abef43d8844c969ef109c9376d0f32e11def4a0822f3ea028d9436bc768d31d943b67dd7607a53f486488e043b9f5b1df5258e646b2e80aea0678
- SSDEEP
  
  24576:vAHnh+eWsN3skA4RV1Hom2KXMmHalZaFNjmSEsjv5:Sh+ZkldoPK8Yalmei
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy