agenttesla | c89dbc33b2bed22fe68911bf6e23eb613cebc22f868290d4576822e26092798f | Triage

Submit
Reports

Overview

overview

Static

static

5

DHL AWB CO...LS.exe

windows7-x64

DHL AWB CO...LS.exe

windows10-2004-x64

Sharing

General

Target

DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exe
Size

1.1MB
Sample

240701-l3dc7avfjb
MD5

c519e1871f1521e167b56bad94b41114
SHA1

bd504a951e281eb76b37de31613de084bcddeeeb
SHA256

c89dbc33b2bed22fe68911bf6e23eb613cebc22f868290d4576822e26092798f
SHA512

648ca2be6af1d37408b85764e504234942c657fa0d6c2791c08fcce35186ebf1e3b76e433701fed73f6bc5586d76d1584c49542e7e79bce17f13fc713dabf79e
SSDEEP

24576:yAHnh+eWsN3skA4RV1Hom2KXMmHaUCmRC4Jer37G5:1h+ZkldoPK8YaU1A3g

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exe

Resource

win7-20240508-en

agenttesla keylogger persistence spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exe

Resource

win10v2004-20240508-en

agenttesla keylogger persistence spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.laboratoriosvilla.com.mx
Port:
587
Username:
[email protected]
Password:
WZ,2pliw#L)D
Email To:
[email protected]

Targets

- Target
  
  DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exe
- Size
  
  1.1MB
- MD5
  
  c519e1871f1521e167b56bad94b41114
- SHA1
  
  bd504a951e281eb76b37de31613de084bcddeeeb
- SHA256
  
  c89dbc33b2bed22fe68911bf6e23eb613cebc22f868290d4576822e26092798f
- SHA512
  
  648ca2be6af1d37408b85764e504234942c657fa0d6c2791c08fcce35186ebf1e3b76e433701fed73f6bc5586d76d1584c49542e7e79bce17f13fc713dabf79e
- SSDEEP
  
  24576:yAHnh+eWsN3skA4RV1Hom2KXMmHaUCmRC4Jer37G5:1h+ZkldoPK8YaU1A3g
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy