agenttesla | 18669ba5c1ec3ab4fabe4164f1dfe5b0c69adb267db694ec419de8f1574fade1 | Triage

Submit
Reports

Overview

overview

Static

static

Shipping D...DF.exe

windows7_x64

Shipping D...DF.exe

windows10_x64

Sharing

General

Target

Shipping Details_PDF.rar
Size

1.0MB
Sample

210119-a9q7bnl8pe
MD5

c0dd2e6afe5ce86101ddd7c89f790b30
SHA1

da0d6799f67eb472d8c10f63b4050b012b1cfac4
SHA256

18669ba5c1ec3ab4fabe4164f1dfe5b0c69adb267db694ec419de8f1574fade1
SHA512

b5509bac5e1bf2808a5955d811b7884edd256ede6d17f26882bd552803237d2de6eafc10628012e8079ed89f094858666f6f5f1c70c198fb8c6750af3264aaca

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Shipping Details_PDF.exe

Resource

win7v20201028

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Shipping Details_PDF.exe

Resource

win10v20201028

agenttesla keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.krishnalandrenzo.com
Port:
587
Username:
amitkhanna@krishnalandrenzo.com
Password:
valen@08

Targets

- Target
  
  Shipping Details_PDF.exe
- Size
  
  1.4MB
- MD5
  
  0db3278cf7aa8a0532da9fb9082b61f9
- SHA1
  
  875aaeccabe30550d9902ec749d511365e4bf652
- SHA256
  
  80f4f76ea0e48a8de2d534286cf244562c938e595b10f2f92329bf57f379cc5f
- SHA512
  
  930e7c4caff53476db51207740bbde90c37558f9499d0b9542dc9e17062c3cab45a8424232a7f1ac49cc7ba258d31e3dda3fe7fb8903561f0e15a56c20abf4b4
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy