agenttesla | 289b62f2e1ec19c7f622b48703c1105fd3b5c03f6d25a4447b19f061dc3bc383 | Triage

Submit
Reports

Overview

overview

Static

static

3

289b62f2e1...83.exe

windows7-x64

289b62f2e1...83.exe

windows10-2004-x64

Sharing

General

Target

289b62f2e1ec19c7f622b48703c1105fd3b5c03f6d25a4447b19f061dc3bc383
Size

2.3MB
Sample

240701-bhs8ss1frb
MD5

0836be75ada3e2f608f9a275d45c996f
SHA1

10d9e8ec87f51bc9553c5d7a6c5a7926cae0851f
SHA256

289b62f2e1ec19c7f622b48703c1105fd3b5c03f6d25a4447b19f061dc3bc383
SHA512

439cd2a9758e4db6f6bb3cc40dadcb24b50ebfccc149cae1293e67bf1e5c6cd9291485c3f7f7dccb8f6dd697c117699a561be6e64d4e694115f766a0c8346af3
SSDEEP

49152:eF50a6aPVOFMx3SmroCZscivbS6mqxEWoKmqZJffp3vSsqPUteaw1GWNOmefX:croA7PWioX

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

289b62f2e1ec19c7f622b48703c1105fd3b5c03f6d25a4447b19f061dc3bc383.exe

Resource

win7-20240611-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

289b62f2e1ec19c7f622b48703c1105fd3b5c03f6d25a4447b19f061dc3bc383.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6766067146:AAHFJ0MibSkcw884er6PWmsW8KsHwF4xGxc/

Targets

- Target
  
  289b62f2e1ec19c7f622b48703c1105fd3b5c03f6d25a4447b19f061dc3bc383
- Size
  
  2.3MB
- MD5
  
  0836be75ada3e2f608f9a275d45c996f
- SHA1
  
  10d9e8ec87f51bc9553c5d7a6c5a7926cae0851f
- SHA256
  
  289b62f2e1ec19c7f622b48703c1105fd3b5c03f6d25a4447b19f061dc3bc383
- SHA512
  
  439cd2a9758e4db6f6bb3cc40dadcb24b50ebfccc149cae1293e67bf1e5c6cd9291485c3f7f7dccb8f6dd697c117699a561be6e64d4e694115f766a0c8346af3
- SSDEEP
  
  49152:eF50a6aPVOFMx3SmroCZscivbS6mqxEWoKmqZJffp3vSsqPUteaw1GWNOmefX:croA7PWioX
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy