agenttesla | 6581c52ddc175d0da6133a50ac0ace78d844072a6c5fc2c2490556fc566d2bf8 | Triage

Submit
Reports

Overview

overview

Static

static

3

6581c52ddc...f8.exe

windows7-x64

6581c52ddc...f8.exe

windows10-2004-x64

Sharing

General

Target

6581c52ddc175d0da6133a50ac0ace78d844072a6c5fc2c2490556fc566d2bf8
Size

689KB
Sample

240630-bfgrzs1dmh
MD5

0cf5716b3f7da1b71dbb881131787797
SHA1

ee59712452f56493dbcb6446ccd75906a8f6e9e9
SHA256

6581c52ddc175d0da6133a50ac0ace78d844072a6c5fc2c2490556fc566d2bf8
SHA512

c4b97e0bcb467587a5688c91635baa318a44c708885b917f4b0dea1fcd0a5fc15a79cc2cce77ddf54fac195fc65c2b3bf6f967578d13747b3c323b1063354f3b
SSDEEP

12288:o+DYnsCeLAf8h5x5DlIhRW2rJbvgmzmY+er+TmX1OO+hIdImC8kmDsNFtjx0+:6nsC5oDlIh1Nrgmzm++Tw1OThOkmQNHT

Score

10^/10

agenttesla execution keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6581c52ddc175d0da6133a50ac0ace78d844072a6c5fc2c2490556fc566d2bf8.exe

Resource

win7-20240508-en

agenttesla execution keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6581c52ddc175d0da6133a50ac0ace78d844072a6c5fc2c2490556fc566d2bf8.exe

Resource

win10v2004-20240508-en

agenttesla execution keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7181517076:AAG4UbbwYZAXOf45n7IeXXms4ONdHZ7wNgU/

Targets

- Target
  
  6581c52ddc175d0da6133a50ac0ace78d844072a6c5fc2c2490556fc566d2bf8
- Size
  
  689KB
- MD5
  
  0cf5716b3f7da1b71dbb881131787797
- SHA1
  
  ee59712452f56493dbcb6446ccd75906a8f6e9e9
- SHA256
  
  6581c52ddc175d0da6133a50ac0ace78d844072a6c5fc2c2490556fc566d2bf8
- SHA512
  
  c4b97e0bcb467587a5688c91635baa318a44c708885b917f4b0dea1fcd0a5fc15a79cc2cce77ddf54fac195fc65c2b3bf6f967578d13747b3c323b1063354f3b
- SSDEEP
  
  12288:o+DYnsCeLAf8h5x5DlIhRW2rJbvgmzmY+er+TmX1OO+hIdImC8kmDsNFtjx0+:6nsC5oDlIh1Nrgmzm++Tw1OThOkmQNHT
Score

10^/10

agenttesla execution keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslaexecutionkeyloggerspywarestealertrojan

behavioral2

agentteslaexecutionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy