agenttesla | ac363a9734d32617dc6cee08c3bc0b072d74a48df7fd0d598060b02f1d6fdb6c | Triage

Submit
Reports

Overview

overview

Static

static

3

Purchase O...DF.rar

windows7-x64

3

Purchase O...DF.rar

windows10-2004-x64

3

Purchase O...DF.exe

windows7-x64

Purchase O...DF.exe

windows10-2004-x64

Sharing

General

Target

Purchase Order #400610-PDF.txz
Size

591KB
Sample

240701-v7bjts1ala
MD5

642fc8c739e0fcce028a2ce57b60c3a0
SHA1

6cd382c9d3223e46c7d77b51f843cde18adebd18
SHA256

ac363a9734d32617dc6cee08c3bc0b072d74a48df7fd0d598060b02f1d6fdb6c
SHA512

360a1e1ea0ea3886c0623dae8c56e608253af15840ae5bc882502e2f7a2d2b35938c6499c60ef0472a2c68e23ba1ad5a368dab45fb0e287519522d5f171f1c89
SSDEEP

12288:+0Bb35MLM59ijugo/sr+w9rk8HNRyQSdj6MlcYjb6LK:J5+M59ijugoNw9V1ipGYjbp

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Purchase Order #400610-PDF.rar

Resource

win7-20240419-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Purchase Order #400610-PDF.rar

Resource

win10v2004-20240611-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

Purchase Order #400610-PDF.exe

Resource

win7-20240611-en

agenttesla keylogger spyware stealer trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

Purchase Order #400610-PDF.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.motek.ro
Port:
587
Username:
[email protected]
Password:
Bp[Kg{G1@Jji
Email To:
[email protected]

Targets

- Target
  
  Purchase Order #400610-PDF.txz
- Size
  
  591KB
- MD5
  
  642fc8c739e0fcce028a2ce57b60c3a0
- SHA1
  
  6cd382c9d3223e46c7d77b51f843cde18adebd18
- SHA256
  
  ac363a9734d32617dc6cee08c3bc0b072d74a48df7fd0d598060b02f1d6fdb6c
- SHA512
  
  360a1e1ea0ea3886c0623dae8c56e608253af15840ae5bc882502e2f7a2d2b35938c6499c60ef0472a2c68e23ba1ad5a368dab45fb0e287519522d5f171f1c89
- SSDEEP
  
  12288:+0Bb35MLM59ijugo/sr+w9rk8HNRyQSdj6MlcYjb6LK:J5+M59ijugoNw9V1ipGYjbp
Score

3^/10
behavioral1 behavioral2
- Target
  
  Purchase Order #400610-PDF.exe
- Size
  
  2.2MB
- MD5
  
  7497134f651e8430f36ac5e225d36f06
- SHA1
  
  528c44ea56fcb1f662e5b73d6d24d647c0be9a50
- SHA256
  
  81c91c538be2bbf2bfec0d2a0d6f7c784fe1a021454abebaeb2309f445b86ecb
- SHA512
  
  6f057728d66e583f88d0496949e66c93a983b756b8750e0337c76a38f375c2cc1ee4cf107bdc8b6d8e174336305b8845323417d0225cfb4f306518cdd14646f6
- SSDEEP
  
  12288:yWvVXHfwn/OiUKvjDdj9kcCIbUOz/xuIj85T/EoatxQ/1D/Fw38+wmDgPIZD:yW9WGiP16Ibb/Vji7JZdwBFgg
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

agentteslakeyloggerspywarestealertrojan

behavioral4

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy