agenttesla | 76605d7a013bd7a9974299a201c92360faec54e4826e774ddca35fae33dab5bf | Triage

Submit
Reports

Overview

overview

Static

static

5

76605d7a01...bf.exe

windows7-x64

76605d7a01...bf.exe

windows10-2004-x64

Sharing

General

Target

76605d7a013bd7a9974299a201c92360faec54e4826e774ddca35fae33dab5bf.exe
Size

1.1MB
Sample

240701-rwvxjswhkb
MD5

3b1a4595328f7a92df02b7a116bc4f40
SHA1

cbd3e5a4e18bca01678b6d844ada7764cbd4a209
SHA256

76605d7a013bd7a9974299a201c92360faec54e4826e774ddca35fae33dab5bf
SHA512

590c07160fd86816573c5c80148c20392a0e2faa3fa4725f34ffe87b9c65b258e1a39cf744a3f3e4f7f920fb471b24f75acf35abeec56d5a1cbb35b0be7da28f
SSDEEP

24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8aG3n5Bb3dKcuSD:sTvC/MTQYxsWR7ae5/Kcv

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

76605d7a013bd7a9974299a201c92360faec54e4826e774ddca35fae33dab5bf.exe

Resource

win7-20240220-en

agenttesla keylogger persistence spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

76605d7a013bd7a9974299a201c92360faec54e4826e774ddca35fae33dab5bf.exe

Resource

win10v2004-20240508-en

agenttesla keylogger persistence spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.jaszredony.hu
Port:
587
Username:
[email protected]
Password:
jRedony77
Email To:
[email protected]

Targets

- Target
  
  76605d7a013bd7a9974299a201c92360faec54e4826e774ddca35fae33dab5bf.exe
- Size
  
  1.1MB
- MD5
  
  3b1a4595328f7a92df02b7a116bc4f40
- SHA1
  
  cbd3e5a4e18bca01678b6d844ada7764cbd4a209
- SHA256
  
  76605d7a013bd7a9974299a201c92360faec54e4826e774ddca35fae33dab5bf
- SHA512
  
  590c07160fd86816573c5c80148c20392a0e2faa3fa4725f34ffe87b9c65b258e1a39cf744a3f3e4f7f920fb471b24f75acf35abeec56d5a1cbb35b0be7da28f
- SSDEEP
  
  24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8aG3n5Bb3dKcuSD:sTvC/MTQYxsWR7ae5/Kcv
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy