agenttesla | 8d15bcc5eca4dbafc31d1ea92c4d34b86e5d30e6b4cb0da378570bdccd7242c1 | Triage

Submit
Reports

Overview

overview

Static

static

5

8d15bcc5ec...c1.exe

windows7-x64

8d15bcc5ec...c1.exe

windows10-2004-x64

Sharing

General

Target

8d15bcc5eca4dbafc31d1ea92c4d34b86e5d30e6b4cb0da378570bdccd7242c1
Size

1.0MB
Sample

240630-bs6a4s1glb
MD5

05b4a13a3d126cdd799e10c41b4b5af0
SHA1

243c8b9f0200db1d70a83a62a0fb082a720c1a29
SHA256

8d15bcc5eca4dbafc31d1ea92c4d34b86e5d30e6b4cb0da378570bdccd7242c1
SHA512

61934004d93eeecd27583a3b29fb63d5ab2793151d09165cd7f48a430f3607eb35ca7a3793f91a285cb2e4b149a81740dd4e2003d871a14c54fdd7f82ecaf418
SSDEEP

24576:aAHnh+eWsN3skA4RV1Hom2KXMmHa4Cdy4PosSnZmSIv5:th+ZkldoPK8Ya4CddGnZ58

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8d15bcc5eca4dbafc31d1ea92c4d34b86e5d30e6b4cb0da378570bdccd7242c1.exe

Resource

win7-20240220-en

agenttesla keylogger spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

8d15bcc5eca4dbafc31d1ea92c4d34b86e5d30e6b4cb0da378570bdccd7242c1.exe

Resource

win10v2004-20240611-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.antoniomayol.com:21
Port:
21
Username:
[email protected]
Password:
cMhKDQUk1{;%

Targets

- Target
  
  8d15bcc5eca4dbafc31d1ea92c4d34b86e5d30e6b4cb0da378570bdccd7242c1
- Size
  
  1.0MB
- MD5
  
  05b4a13a3d126cdd799e10c41b4b5af0
- SHA1
  
  243c8b9f0200db1d70a83a62a0fb082a720c1a29
- SHA256
  
  8d15bcc5eca4dbafc31d1ea92c4d34b86e5d30e6b4cb0da378570bdccd7242c1
- SHA512
  
  61934004d93eeecd27583a3b29fb63d5ab2793151d09165cd7f48a430f3607eb35ca7a3793f91a285cb2e4b149a81740dd4e2003d871a14c54fdd7f82ecaf418
- SSDEEP
  
  24576:aAHnh+eWsN3skA4RV1Hom2KXMmHa4Cdy4PosSnZmSIv5:th+ZkldoPK8Ya4CddGnZ58
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy