agenttesla | 8707ecc0a4c23b20c51f608c251d83d130c9987217f4351d01f355cd005bce0d | Triage

Submit
Reports

Overview

overview

Static

static

4UFa32rSDVEyUvb.exe

windows7_x64

4UFa32rSDVEyUvb.exe

windows10_x64

Sharing

General

Target

4UFa32rSDVEyUvb.exe
Size

683KB
Sample

210504-qedf7kqj92
MD5

4a99d877018f30de83c9cfe46541a4d9
SHA1

c5870fd062129bc05ca85ce6c94c5ec90aa4b88c
SHA256

8707ecc0a4c23b20c51f608c251d83d130c9987217f4351d01f355cd005bce0d
SHA512

6af823be3ac5657cbc1bf1dc5305b55ec354377aacca5bcea1df979d59de11b130a1b481204269cd1a7232503094d24556833a499469a74bc4bf9b7004299ff8

Score

10^/10

agenttesla evasion keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

4UFa32rSDVEyUvb.exe

Resource

win7v20210408

agenttesla evasion keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4UFa32rSDVEyUvb.exe

Resource

win10v20210410

agenttesla evasion keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.sierametals.com
Port:
587
Username:
logs1@sierametals.com
Password:
@^*KJwX7

Targets

- Target
  
  4UFa32rSDVEyUvb.exe
- Size
  
  683KB
- MD5
  
  4a99d877018f30de83c9cfe46541a4d9
- SHA1
  
  c5870fd062129bc05ca85ce6c94c5ec90aa4b88c
- SHA256
  
  8707ecc0a4c23b20c51f608c251d83d130c9987217f4351d01f355cd005bce0d
- SHA512
  
  6af823be3ac5657cbc1bf1dc5305b55ec354377aacca5bcea1df979d59de11b130a1b481204269cd1a7232503094d24556833a499469a74bc4bf9b7004299ff8
Score

10^/10

agenttesla evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslaevasionkeyloggerspywarestealertrojan

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy