agenttesla | b2455f2d8055ae37a984428cbe56e8bb2006dd19d805e70db985ec1dc3c30673 | Triage

Submit
Reports

Overview

overview

Static

static

MV. HC SUNSHINE.exe

windows7_x64

MV. HC SUNSHINE.exe

windows10_x64

Sharing

General

Target

MV. HC SUNSHINE.cab
Size

348KB
Sample

210421-x93g6wlyxx
MD5

c7623a8c3be41a2f2c11cbe1c0c98ece
SHA1

13ad375377ae0d5642a0604cd4623c0b0ae65771
SHA256

b2455f2d8055ae37a984428cbe56e8bb2006dd19d805e70db985ec1dc3c30673
SHA512

3540ef3700834d1dd779264653bd72a70ad1f812f228ba8a3fdefa91b856e1ec05cf6ce977b464046cebc971797df090fd976673b2cc495e84f0705bbc4c7515

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

MV. HC SUNSHINE.exe

Resource

win7v20210408

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MV. HC SUNSHINE.exe

Resource

win10v20210410

agenttesla keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.hyshippingcn.com
Port:
587
Username:
plogs112@hyshippingcn.com
Password:
e*u@qkS4

Targets

- Target
  
  MV. HC SUNSHINE.exe
- Size
  
  479KB
- MD5
  
  58986c24e1bdbb6a4dc734972f0c2457
- SHA1
  
  55efb98db1658687405482410c825e2e0645c5ae
- SHA256
  
  deb49f04e1fd81d2c37e7a8a234d8460c6de4cd2513dca91fc5c6ed84fdae2f1
- SHA512
  
  e22c6140e11cff9584a963345b77989112fd2400bd0eb8a0b055a1fdc8f90b8e0e4167c8127da34aef30232ab0cabde63cd91b468fbc4757e8d53be04536b63e
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy