agenttesla | f10385db00f8fe0775673e837ae1d2a343e48dc35d787376c31634225fd97902 | Triage

Submit
Reports

Overview

overview

Static

static

3

Turkiye Is...21.exe

windows7-x64

Turkiye Is...21.exe

windows10-2004-x64

Sharing

General

Target

1af633d9c7c69c2580885c50954c82e6_JaffaCakes118
Size

528KB
Sample

240701-ml3r7azdjr
MD5

1af633d9c7c69c2580885c50954c82e6
SHA1

a4a235316d674bd58fbda13371a9d31e125d9c0d
SHA256

f10385db00f8fe0775673e837ae1d2a343e48dc35d787376c31634225fd97902
SHA512

7096fa67fff276f3571596c89391f0f62625d3a0560acb84b7dcd31998058e55d08cfc212fc7659a4d63bfd715e8e6b919683a1a7be15c589f19209eb0b4f2e2
SSDEEP

12288:MEgkvTd6kItDUeSlImFygclJxtjWJDkMHlPsmkwv25o:M1kp6kpBtcLxtjwrlBIo

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Turkiye Is Bankasi A.S Ödeme havalesi dekontu 15022021.exe

Resource

win7-20240419-en

agenttesla keylogger spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Turkiye Is Bankasi A.S Ödeme havalesi dekontu 15022021.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.corroshield.co.id
Port:
587
Username:
[email protected]
Password:
kramatjati1945
Email To:
[email protected]

Targets

- Target
  
  Turkiye Is Bankasi A.S Ödeme havalesi dekontu 15022021.exe
- Size
  
  663KB
- MD5
  
  be23fa0d5c3d9497baa5f7cb345831ba
- SHA1
  
  9c53967f6f57c2c72e5f7816df0ac420fea848d8
- SHA256
  
  a798b16a0757f66a69a632fa0b55e1ec08bb4e34dd93f67ebfc405fc583b78e6
- SHA512
  
  c246fecddef537ef76ec2f26992cd5f7cfa4272e1058b42df625480e7b29007b17d36fe6bc7b481adf1cdaf93216c84c0fc54612f73e2890654b7c0fabf5bf29
- SSDEEP
  
  12288:y3P7M56UxElCH8YF8hiNF184sVdWauehe4pOEuSWsuMrOfVoMY1TaPbwVTMsMf:yzMBxBcY5f84sFh19uhsBrIVoXa8tT
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy