agenttesla | b28f9a7f96b064ebc4ea9076e9dbaabce7387ef2a38944fcab534dc65e88d050 | Triage

Submit
Reports

Overview

overview

Static

static

Ningbo shi...21.exe

windows7_x64

Ningbo shi...21.exe

windows10_x64

Sharing

General

Target

Ningbo shipping statement for March 2021.exe
Size

816KB
Sample

210419-7trfvs9q7j
MD5

840a47d9bf5168dd2f452b86294bc9da
SHA1

36814de1a82ae89739b26b0edb90abf41ca867cb
SHA256

b28f9a7f96b064ebc4ea9076e9dbaabce7387ef2a38944fcab534dc65e88d050
SHA512

bb54779bcfbfe88de1bcc6e4407087184c8910462f808275c2c46ef8350b60d437ef9fafec574317c40590af7c81d2e96f823a9d48aa17b7b964eae82b6767a0

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Ningbo shipping statement for March 2021.exe

Resource

win7v20210408

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Ningbo shipping statement for March 2021.exe

Resource

win10v20210410

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
webmail.mdist.us
Port:
587
Username:
[email protected]
Password:
pos#4321

Targets

- Target
  
  Ningbo shipping statement for March 2021.exe
- Size
  
  816KB
- MD5
  
  840a47d9bf5168dd2f452b86294bc9da
- SHA1
  
  36814de1a82ae89739b26b0edb90abf41ca867cb
- SHA256
  
  b28f9a7f96b064ebc4ea9076e9dbaabce7387ef2a38944fcab534dc65e88d050
- SHA512
  
  bb54779bcfbfe88de1bcc6e4407087184c8910462f808275c2c46ef8350b60d437ef9fafec574317c40590af7c81d2e96f823a9d48aa17b7b964eae82b6767a0
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy