agenttesla | 5304693d6029d4d724fbf463b0850f718f978c96f2851769c6e5d83c6995c41f | Triage

Submit
Reports

Overview

overview

Static

static

Scan Photo...mg.exe

windows7_x64

Scan Photo...mg.exe

windows10_x64

3

Sharing

General

Target

Scan Photos of products and artwork.img.exe
Size

552KB
Sample

200716-epn9jm1spj
MD5

468b7ce77fc3beed814fae4520edf901
SHA1

97675936f4cf69a0f0d5af641fcdc59319d47f19
SHA256

5304693d6029d4d724fbf463b0850f718f978c96f2851769c6e5d83c6995c41f
SHA512

188811256f22f3f2253abcbfc0e95f5a3320af581828887567e19b1716531e4ac5cacd401d763cdaa13fa91c56ce193829b6665b35a212be90aab6f979696c68

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Scan Photos of products and artwork.img.exe

Resource

win7v200430

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Scan Photos of products and artwork.img.exe

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
bh-58.webhostbox.net
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#$

Targets

- Target
  
  Scan Photos of products and artwork.img.exe
- Size
  
  552KB
- MD5
  
  468b7ce77fc3beed814fae4520edf901
- SHA1
  
  97675936f4cf69a0f0d5af641fcdc59319d47f19
- SHA256
  
  5304693d6029d4d724fbf463b0850f718f978c96f2851769c6e5d83c6995c41f
- SHA512
  
  188811256f22f3f2253abcbfc0e95f5a3320af581828887567e19b1716531e4ac5cacd401d763cdaa13fa91c56ce193829b6665b35a212be90aab6f979696c68
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy