agenttesla | c916367a402cc2cbb3506568aa7863a846fe6c2a5cef56599b164e2d829628aa | Triage

Submit
Reports

Overview

overview

Static

static

senarai Pesanan.exe

windows7_x64

senarai Pesanan.exe

windows10_x64

1

Sharing

General

Target

senarai Pesanan.exe
Size

662KB
Sample

200716-lxpzkkbz22
MD5

394973aea827e392d9edbc5217450484
SHA1

349bcd52385071e86a23425bf7eab3db612fc17d
SHA256

c916367a402cc2cbb3506568aa7863a846fe6c2a5cef56599b164e2d829628aa
SHA512

32d8377664817f9061bb0caa1e15426be971de6fce945d8af376f0cebede1393550b5aa6e5734bcf7c79c8eec314cc8a376ff6ec1b7f925111f0530511f4aa2c

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

senarai Pesanan.exe

Resource

win7

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

senarai Pesanan.exe

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.chigo-cec.com
Port:
587
Username:
[email protected]
Password:
?{jbxkcK53}V

Targets

- Target
  
  senarai Pesanan.exe
- Size
  
  662KB
- MD5
  
  394973aea827e392d9edbc5217450484
- SHA1
  
  349bcd52385071e86a23425bf7eab3db612fc17d
- SHA256
  
  c916367a402cc2cbb3506568aa7863a846fe6c2a5cef56599b164e2d829628aa
- SHA512
  
  32d8377664817f9061bb0caa1e15426be971de6fce945d8af376f0cebede1393550b5aa6e5734bcf7c79c8eec314cc8a376ff6ec1b7f925111f0530511f4aa2c
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy