agenttesla | 53eeff9f4fa0473d90cf4abe978ff60d5898d2527924a593ef877303cab88a5b | Triage

Submit
Reports

Overview

overview

Static

static

3

Byte Guard Free.exe

windows10-1703-x64

Byte Guard Free.exe

windows11-21h2-x64

Sharing

General

Target

Byte Guard Free.exe
Size

2.4MB
Sample

240705-hva2bawhnd
MD5

32eee970bec927fd068197918edac5a4
SHA1

8aa4820931aa228856f12fc516f886dab4d12e28
SHA256

53eeff9f4fa0473d90cf4abe978ff60d5898d2527924a593ef877303cab88a5b
SHA512

d47d2fbc9d4b9a47d0b5b1076aaa89b20ba72a9625e9fcfd57f000bc14abc11aff60123667bbb6998fa5bdff65b7207f410cc6008207fc2362db1d99c80afbe8
SSDEEP

49152:3Ls8e8SkGMITYbNbNWo4kSH3OqtwI2MrBm6w30IfRaRf:3PecGMIT4bNJFY3OqtxdmDDJef

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Byte Guard Free.exe

Resource

win10-20240611-en

agenttesla keylogger spyware stealer trojan

windows10-1703-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Byte Guard Free.exe

Resource

win11-20240704-en

agenttesla keylogger spyware stealer trojan

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  Byte Guard Free.exe
- Size
  
  2.4MB
- MD5
  
  32eee970bec927fd068197918edac5a4
- SHA1
  
  8aa4820931aa228856f12fc516f886dab4d12e28
- SHA256
  
  53eeff9f4fa0473d90cf4abe978ff60d5898d2527924a593ef877303cab88a5b
- SHA512
  
  d47d2fbc9d4b9a47d0b5b1076aaa89b20ba72a9625e9fcfd57f000bc14abc11aff60123667bbb6998fa5bdff65b7207f410cc6008207fc2362db1d99c80afbe8
- SSDEEP
  
  49152:3Ls8e8SkGMITYbNbNWo4kSH3OqtwI2MrBm6w30IfRaRf:3PecGMIT4bNJFY3OqtxdmDDJef
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy