agenttesla | bda17927cce16ab2c2324f3b95f3eb8a005399f325cfa07221fb3c4f9e7ed36b | Triage

Submit
Reports

Overview

overview

Static

static

3496430927654_RFQ.exe

windows7_x64

3496430927654_RFQ.exe

windows10_x64

Sharing

General

Target

3496430927654_RFQ.zip
Size

195KB
Sample

210423-qekxn5nq7j
MD5

55940c69f8300650ad0b4d4f062aa57e
SHA1

64acc019a856a915e498cd2fe00e642305243c29
SHA256

bda17927cce16ab2c2324f3b95f3eb8a005399f325cfa07221fb3c4f9e7ed36b
SHA512

be22ca08def89b23326aa36ce63fb545e9de0b02938e6b1a582fc7b8c7e78bc0d8490f360bb82813e36bb34b91e909482f4f6ce4442f4005ee3fcb12e99f07de

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

3496430927654_RFQ.exe

Resource

win7v20210410

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3496430927654_RFQ.exe

Resource

win10v20210408

agenttesla keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
fundingonly@gmail.com
Password:
kinging22

Targets

- Target
  
  3496430927654_RFQ.exe
- Size
  
  571KB
- MD5
  
  4acd37e21b5950fc28752481f0d2d8db
- SHA1
  
  1b875e2f2b212604ab8d4891b164d6c0f42986a5
- SHA256
  
  5849b64404a17d7613bf27259eba36ad479f4d3163cd73ae54073b281a0246e2
- SHA512
  
  1dc70030462ae53711d1d50157dc8133bdec2be753ee701fecc6b8a4fb71fde8cc26cfc13bd426c6be92c5652b286dffd1e37250de09eb85914263fadfd3b774
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy