agenttesla | 824d9e9082e27b16c7bff8e0c02321c69abde54bcbc160a17f68ad4eba21170f | Triage

Submit
Reports

Overview

overview

Static

static

New order....er.exe

windows7_x64

New order....er.exe

windows10_x64

Sharing

General

Target

New order. December.exe
Size

971KB
Sample

201204-c13khg6e4a
MD5

42289a23f33d793b5213979021fe021f
SHA1

387ba991a7fbc49d8b5371bb410abac55dd82b2d
SHA256

824d9e9082e27b16c7bff8e0c02321c69abde54bcbc160a17f68ad4eba21170f
SHA512

3ee8761c8f07856f3daaa31b141450ddf28ee00a73053e6767a6ec28448b942364138e9ca02dcbd582e4c7fa29ad7f83a2dd29e4eb47cb049f24da77d9621a36

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

New order. December.exe

Resource

win7v20201028

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New order. December.exe

Resource

win10v20201028

agenttesla keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.lokalboyz.com
Port:
587
Username:
oc@lokalboyz.com
Password:
Gllm9vjy

Targets

- Target
  
  New order. December.exe
- Size
  
  971KB
- MD5
  
  42289a23f33d793b5213979021fe021f
- SHA1
  
  387ba991a7fbc49d8b5371bb410abac55dd82b2d
- SHA256
  
  824d9e9082e27b16c7bff8e0c02321c69abde54bcbc160a17f68ad4eba21170f
- SHA512
  
  3ee8761c8f07856f3daaa31b141450ddf28ee00a73053e6767a6ec28448b942364138e9ca02dcbd582e4c7fa29ad7f83a2dd29e4eb47cb049f24da77d9621a36
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy