agenttesla | 6e719e64b4ad2a0d621bdb539d863e62a98845ec70fa5a702a9a21748ec0848a | Triage

Submit
Reports

Overview

overview

Static

static

SWIFT 0001.exe

windows7_x64

SWIFT 0001.exe

windows10_x64

Sharing

General

Target

SWIFT 0001.exe
Size

934KB
Sample

200713-xhgnrwyzcn
MD5

e946f1d91d436de3ccd079369dd2a37a
SHA1

d22298d0b640c75a72014593dca7bad15ded38a7
SHA256

6e719e64b4ad2a0d621bdb539d863e62a98845ec70fa5a702a9a21748ec0848a
SHA512

de2395a7847b254573737beb7bdce31685d35ff2bed64f0961d49fdf1731e5905bd99ca49411cfbf5cde738389fa136c3d0c3cc98985eaf77de7ae925337351a

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SWIFT 0001.exe

Resource

win7v200430

spyware keylogger trojan stealer agenttesla

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SWIFT 0001.exe

Resource

win10

keylogger trojan stealer spyware agenttesla

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
123dreams

Targets

- Target
  
  SWIFT 0001.exe
- Size
  
  934KB
- MD5
  
  e946f1d91d436de3ccd079369dd2a37a
- SHA1
  
  d22298d0b640c75a72014593dca7bad15ded38a7
- SHA256
  
  6e719e64b4ad2a0d621bdb539d863e62a98845ec70fa5a702a9a21748ec0848a
- SHA512
  
  de2395a7847b254573737beb7bdce31685d35ff2bed64f0961d49fdf1731e5905bd99ca49411cfbf5cde738389fa136c3d0c3cc98985eaf77de7ae925337351a
Score

10^/10

spyware keylogger trojan stealer agenttesla
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywarekeyloggertrojanstealeragenttesla

behavioral2

keyloggertrojanstealerspywareagenttesla

© 2018-2024

Terms | Privacy