agenttesla | 11230af42789c3711dfbba6f7d1e2c17d33265bfa81f87588fd6dd712a8ae79b | Triage

Submit
Reports

Overview

overview

Static

static

3

QUOTATION_...DF.scr

windows7-x64

QUOTATION_...DF.scr

windows10-2004-x64

1

Sharing

General

Target

QUOTATION_JULQTRA071244úPDF.scr
Size

337KB
Sample

240701-phsh6a1emb
MD5

0654315744338d14da164aa27a107d82
SHA1

a6bfb25480b54052be6a87f185c55689ed94ffee
SHA256

11230af42789c3711dfbba6f7d1e2c17d33265bfa81f87588fd6dd712a8ae79b
SHA512

8a83ef44af4021f71a7205474b99441c3d85da14640e985ed95d175d9d41432b24973b7325d4a0d0606a0136218c5dc9658da8aeaa7940f33ba00c3e1c3a1939
SSDEEP

768:FErzWmjjjjjjjjjjjjjJ2geu7Qe21zEjss2S3g1Ircn0sspAgpq8bLyg1uMN0+d:FErqEv7Qbk/pqELy0uyT+fh

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

QUOTATION_JULQTRA071244úPDF.scr

Resource

win7-20240611-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

QUOTATION_JULQTRA071244úPDF.scr

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
RaF5@@ts7^^!@San@<!!
Email To:
[email protected]

Targets

- Target
  
  QUOTATION_JULQTRA071244úPDF.scr
- Size
  
  337KB
- MD5
  
  0654315744338d14da164aa27a107d82
- SHA1
  
  a6bfb25480b54052be6a87f185c55689ed94ffee
- SHA256
  
  11230af42789c3711dfbba6f7d1e2c17d33265bfa81f87588fd6dd712a8ae79b
- SHA512
  
  8a83ef44af4021f71a7205474b99441c3d85da14640e985ed95d175d9d41432b24973b7325d4a0d0606a0136218c5dc9658da8aeaa7940f33ba00c3e1c3a1939
- SSDEEP
  
  768:FErzWmjjjjjjjjjjjjjJ2geu7Qe21zEjss2S3g1Ircn0sspAgpq8bLyg1uMN0+d:FErqEv7Qbk/pqELy0uyT+fh
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy