agenttesla | 98798287e65f13b729ddaffcef82fbf554877393829307b00d0f1872a94a88b2 | Triage

Submit
Reports

Overview

overview

Static

static

RECIBO_D.EXE

windows7_x64

RECIBO_D.EXE

windows10_x64

Sharing

General

Target

Recibo del envío.img
Size

1.5MB
Sample

210226-knv4zenkpj
MD5

882a3f397c0d63c08a51711af90438ac
SHA1

086870cdbef9b609daa54400372ed7b38f5e6e09
SHA256

98798287e65f13b729ddaffcef82fbf554877393829307b00d0f1872a94a88b2
SHA512

43058ba8cebe51b3fa1af0a0ac0909e5de420a30dc9423f9456ee4200bdd283d1e9d2425e34b2fbca8aed5e1f411870962ea635410d149e1ee68489e22cc2d94

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RECIBO_D.EXE

Resource

win7v20201028

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RECIBO_D.EXE

Resource

win10v20201028

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  RECIBO_D.EXE
- Size
  
  1000KB
- MD5
  
  30f590b7eac07fe6dc2da82d74cb7f01
- SHA1
  
  806e9df9cbe214445752e34f50392b5690209991
- SHA256
  
  53480d705948121a9bc2c0e0570b85b141b3e2044798f550fe8421fea55d5d70
- SHA512
  
  062d6e0fcda49649ac3fd6e55e6d8f91e7c2d4989219b535ccf0934fd058c9ad98b685de65a2d3c1ec99a77bbc500a705bcf8319d53af8aaf7be6cc0522c5f58
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy