agenttesla | 9c1f76b540f055b2b6131cde2f6896e73f3e0170070c0551d90d20364156d32c | Triage

Submit
Reports

Overview

overview

Static

static

Shipping D...ts.exe

windows7_x64

Shipping D...ts.exe

windows10_x64

3

Sharing

General

Target

Shipping Documents.exe
Size

652KB
Sample

200713-kclj8dg392
MD5

9ad127f4f4d28ea19395cb16c194f23d
SHA1

21ce15a2f1ee49d7420ea368e51cf92b61028a4c
SHA256

9c1f76b540f055b2b6131cde2f6896e73f3e0170070c0551d90d20364156d32c
SHA512

b3e6f896c4d0747e0d575b1abc63eb96eb0cd791bce21275c44b58731494fa143f1ba03ea6185ee1d3c25366c32e8b26bdefdd4624f0f9780e3e8fcc64665d13

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Shipping Documents.exe

Resource

win7

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Shipping Documents.exe

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
ikechukwu112

Targets

- Target
  
  Shipping Documents.exe
- Size
  
  652KB
- MD5
  
  9ad127f4f4d28ea19395cb16c194f23d
- SHA1
  
  21ce15a2f1ee49d7420ea368e51cf92b61028a4c
- SHA256
  
  9c1f76b540f055b2b6131cde2f6896e73f3e0170070c0551d90d20364156d32c
- SHA512
  
  b3e6f896c4d0747e0d575b1abc63eb96eb0cd791bce21275c44b58731494fa143f1ba03ea6185ee1d3c25366c32e8b26bdefdd4624f0f9780e3e8fcc64665d13
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy