agenttesla | 772d316873673ace45da234f8820d736d2f18c55eeab2b84a471dbfdaba963b6 | Triage

Submit
Reports

Overview

overview

Static

static

dchampz.exe

windows7_x64

dchampz.exe

windows10_x64

Sharing

General

Target

dchampz.exe
Size

494KB
Sample

201204-56f8xkeyq2
MD5

adbdebfb0f935351763be5157d6b4aad
SHA1

410e978c586533a7dde49abeed1a563a977aff96
SHA256

772d316873673ace45da234f8820d736d2f18c55eeab2b84a471dbfdaba963b6
SHA512

99091d007471df040117cfe8b256239e0e147f12e673cb5e0d4d5816b25746ae7a1cfb7b4563517e4f4f355e546c45d2d6addd1e2cd708f4adcf777ce32d4a0b

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

dchampz.exe

Resource

win7v20201028

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

dchampz.exe

Resource

win10v20201028

agenttesla keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.nadan.xyz
Port:
587
Username:
hopelogs@nadan.xyz
Password:
eECqlYA7

Targets

- Target
  
  dchampz.exe
- Size
  
  494KB
- MD5
  
  adbdebfb0f935351763be5157d6b4aad
- SHA1
  
  410e978c586533a7dde49abeed1a563a977aff96
- SHA256
  
  772d316873673ace45da234f8820d736d2f18c55eeab2b84a471dbfdaba963b6
- SHA512
  
  99091d007471df040117cfe8b256239e0e147f12e673cb5e0d4d5816b25746ae7a1cfb7b4563517e4f4f355e546c45d2d6addd1e2cd708f4adcf777ce32d4a0b
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy