agenttesla | c9c296508619b1296a45ae03ac10ef57c3390c6c6826b6932f08d38858ea17d7 | Triage

Submit
Reports

Overview

overview

Static

static

OC_007943234.exe

windows7_x64

OC_007943234.exe

windows10_x64

Sharing

General

Target

OC_007943234.exe
Size

1.1MB
Sample

210112-g1nfsc9nwj
MD5

f88bb462cad93be7c9ecfdc0e6dc1da8
SHA1

f9a7d7dcb4da0bd68a27520834a302a76d8ad13f
SHA256

c9c296508619b1296a45ae03ac10ef57c3390c6c6826b6932f08d38858ea17d7
SHA512

be2f6d1bd9d217ced571101272cddacc766b25195769519b7f46df0e90a072ae035aede6ffb515338524312230d1eb7f4422d743baa4aaa857a0b18759c5b7e5

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

OC_007943234.exe

Resource

win7v20201028

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

OC_007943234.exe

Resource

win10v20201028

agenttesla keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.chrismehat.com
Port:
587
Username:
market@chrismehat.com
Password:
YjuZ%P91;qZ7

Targets

- Target
  
  OC_007943234.exe
- Size
  
  1.1MB
- MD5
  
  f88bb462cad93be7c9ecfdc0e6dc1da8
- SHA1
  
  f9a7d7dcb4da0bd68a27520834a302a76d8ad13f
- SHA256
  
  c9c296508619b1296a45ae03ac10ef57c3390c6c6826b6932f08d38858ea17d7
- SHA512
  
  be2f6d1bd9d217ced571101272cddacc766b25195769519b7f46df0e90a072ae035aede6ffb515338524312230d1eb7f4422d743baa4aaa857a0b18759c5b7e5
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy