agenttesla | fc19a2a39649706f91b565b3514a0a908551b7702c6a99423972c526a3d9eb4b | Triage

Submit
Reports

Overview

overview

Static

static

3

fc19a2a396...4b.exe

windows7-x64

1

fc19a2a396...4b.exe

windows10-2004-x64

Sharing

General

Target

fc19a2a39649706f91b565b3514a0a908551b7702c6a99423972c526a3d9eb4b
Size

223KB
Sample

240701-bc1qpa1eja
MD5

4a49a8abf60ecb81fc23e6d1ed35a42e
SHA1

d6836688b3806af42f3ee1dc88b9479c84fed49b
SHA256

fc19a2a39649706f91b565b3514a0a908551b7702c6a99423972c526a3d9eb4b
SHA512

988d6cb2045301523a923fc0e58c63d3e522fd59b1631c422cd48acadafd024069eb237f0ebb180a075897142a1ce3f81eb8816953c00e11f72260d0b111a591
SSDEEP

3072:/oTa9jqHiBVyfqpl656wNLamMcnDAxRCzSpCTVtRGFuSSMWfYjTc:/oTaB7BV2cl6nWmtQp0TVlSc

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fc19a2a39649706f91b565b3514a0a908551b7702c6a99423972c526a3d9eb4b.exe

Resource

win7-20240220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc19a2a39649706f91b565b3514a0a908551b7702c6a99423972c526a3d9eb4b.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.antoniomayol.com
Port:
21
Username:
[email protected]
Password:
cMhKDQUk1{;%

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.antoniomayol.com:21
Port:
21
Username:
[email protected]
Password:
cMhKDQUk1{;%

Targets

- Target
  
  fc19a2a39649706f91b565b3514a0a908551b7702c6a99423972c526a3d9eb4b
- Size
  
  223KB
- MD5
  
  4a49a8abf60ecb81fc23e6d1ed35a42e
- SHA1
  
  d6836688b3806af42f3ee1dc88b9479c84fed49b
- SHA256
  
  fc19a2a39649706f91b565b3514a0a908551b7702c6a99423972c526a3d9eb4b
- SHA512
  
  988d6cb2045301523a923fc0e58c63d3e522fd59b1631c422cd48acadafd024069eb237f0ebb180a075897142a1ce3f81eb8816953c00e11f72260d0b111a591
- SSDEEP
  
  3072:/oTa9jqHiBVyfqpl656wNLamMcnDAxRCzSpCTVtRGFuSSMWfYjTc:/oTaB7BV2cl6nWmtQp0TVlSc
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy