agenttesla | 934284591d9e31d5c4868a6608b88c2dd2124fdd45b0248db35f4741d4634bc7 | Triage

Submit
Reports

Overview

overview

Static

static

5

934284591d...c7.exe

windows7-x64

934284591d...c7.exe

windows10-2004-x64

Sharing

General

Target

934284591d9e31d5c4868a6608b88c2dd2124fdd45b0248db35f4741d4634bc7
Size

1.2MB
Sample

240630-bwgrxs1gqf
MD5

f78535a3f5e84f626e1018e587b5b588
SHA1

8200afc4d351323230fcc4b0a76b529b5d052134
SHA256

934284591d9e31d5c4868a6608b88c2dd2124fdd45b0248db35f4741d4634bc7
SHA512

7538b16da90041b285721ec6d626ffa8ed7fd83c39d8f03fca6657cc7474ca1cffff48b92f48871a409d9fdf48620d09e455de4f0914a4883d2435521767a455
SSDEEP

24576:+AHnh+eWsN3skA4RV1Hom2KXMmHaHFUc7+2b1Vck0VwCRla4CTwUUF5:ph+ZkldoPK8YaHFU2pbBgwilarM

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

934284591d9e31d5c4868a6608b88c2dd2124fdd45b0248db35f4741d4634bc7.exe

Resource

win7-20240508-en

agenttesla keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

934284591d9e31d5c4868a6608b88c2dd2124fdd45b0248db35f4741d4634bc7.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.divanrestoran.com
Port:
587
Username:
[email protected]
Password:
Div987654-_

Targets

- Target
  
  934284591d9e31d5c4868a6608b88c2dd2124fdd45b0248db35f4741d4634bc7
- Size
  
  1.2MB
- MD5
  
  f78535a3f5e84f626e1018e587b5b588
- SHA1
  
  8200afc4d351323230fcc4b0a76b529b5d052134
- SHA256
  
  934284591d9e31d5c4868a6608b88c2dd2124fdd45b0248db35f4741d4634bc7
- SHA512
  
  7538b16da90041b285721ec6d626ffa8ed7fd83c39d8f03fca6657cc7474ca1cffff48b92f48871a409d9fdf48620d09e455de4f0914a4883d2435521767a455
- SSDEEP
  
  24576:+AHnh+eWsN3skA4RV1Hom2KXMmHaHFUc7+2b1Vck0VwCRla4CTwUUF5:ph+ZkldoPK8YaHFU2pbBgwilarM
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy