agenttesla | 18b652472f58937d30d767dbccef9d2999214abf745f6369ae18fc9d5f6541de | Triage

Submit
Reports

Overview

overview

Static

static

3

1cce68b501...18.exe

windows7-x64

1cce68b501...18.exe

windows10-2004-x64

Sharing

General

Target

1cce68b5010bd304aaba3bb313bd429f_JaffaCakes118
Size

677KB
Sample

240701-2s3hbsydjj
MD5

1cce68b5010bd304aaba3bb313bd429f
SHA1

77504d731a02f8688d429659417a9189d6bb6936
SHA256

18b652472f58937d30d767dbccef9d2999214abf745f6369ae18fc9d5f6541de
SHA512

35ae97d74a3a38d192836802f625457a9cee5a71b69622f5a22c7577144f65798ae4859d01f7cb42a59be0f4950728b36968e005261773a60d39ae04f9ecd56d
SSDEEP

12288:UtpY10t0Rx6qLaSOxufHCOmuAVnOqTl7wYRZ73rK1Dl5KS4:Ucit0DajIfPHMTl7wKWdM

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1cce68b5010bd304aaba3bb313bd429f_JaffaCakes118.exe

Resource

win7-20231129-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

1cce68b5010bd304aaba3bb313bd429f_JaffaCakes118.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.iymorenterprizelogs.com
Port:
587
Username:
[email protected]
Password:
J5Sg1}K~=c4#

Targets

- Target
  
  1cce68b5010bd304aaba3bb313bd429f_JaffaCakes118
- Size
  
  677KB
- MD5
  
  1cce68b5010bd304aaba3bb313bd429f
- SHA1
  
  77504d731a02f8688d429659417a9189d6bb6936
- SHA256
  
  18b652472f58937d30d767dbccef9d2999214abf745f6369ae18fc9d5f6541de
- SHA512
  
  35ae97d74a3a38d192836802f625457a9cee5a71b69622f5a22c7577144f65798ae4859d01f7cb42a59be0f4950728b36968e005261773a60d39ae04f9ecd56d
- SSDEEP
  
  12288:UtpY10t0Rx6qLaSOxufHCOmuAVnOqTl7wYRZ73rK1Dl5KS4:Ucit0DajIfPHMTl7wKWdM
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy