agenttesla | cc71aaff5556a4053df2846a191ff63e54b3b10df75b98a3d8d5edc4c02c7d1b | Triage

Submit
Reports

Overview

overview

Static

static

remittance...20.exe

windows7_x64

remittance...20.exe

windows10_x64

Sharing

General

Target

remittance advice 7.9.20.exe
Size

889KB
Sample

200709-2dkxyvf23n
MD5

aa54e572432813a7d322e244339aa7b6
SHA1

dc66aef6d10872755dc4398c2915a5ec97054e17
SHA256

cc71aaff5556a4053df2846a191ff63e54b3b10df75b98a3d8d5edc4c02c7d1b
SHA512

52dbe880edb8cb74c3faef8a235d6e80947bd3ead4e3923a6577c39a467312a02ff99da95a6dafdf16d13e14b850ec1582ab9fe026658acba536f7b3e25280ab

Score

10^/10

agenttesla nanocore keylogger spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

remittance advice 7.9.20.exe

Resource

win7

agenttesla keylogger spyware stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

remittance advice 7.9.20.exe

Resource

win10v200430

agenttesla nanocore keylogger spyware stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  remittance advice 7.9.20.exe
- Size
  
  889KB
- MD5
  
  aa54e572432813a7d322e244339aa7b6
- SHA1
  
  dc66aef6d10872755dc4398c2915a5ec97054e17
- SHA256
  
  cc71aaff5556a4053df2846a191ff63e54b3b10df75b98a3d8d5edc4c02c7d1b
- SHA512
  
  52dbe880edb8cb74c3faef8a235d6e80947bd3ead4e3923a6577c39a467312a02ff99da95a6dafdf16d13e14b850ec1582ab9fe026658acba536f7b3e25280ab
Score

10^/10

agenttesla keylogger spyware stealer trojan upx nanocore
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- AgentTesla Payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojanupx

behavioral2

agentteslananocorekeyloggerspywarestealertrojanupx

© 2018-2024

Terms | Privacy