agenttesla | b763ce52f9148fa8fa22da8df46135e8ac441c9e1986ac2848eaf8f93c743198 | Triage

Submit
Reports

Overview

overview

Static

static

copy of de...te.exe

windows7_x64

copy of de...te.exe

windows10_x64

Sharing

General

Target

copy of declaration certificate�& Tan lette.exe.gz
Size

763KB
Sample

210726-tfgtqtnwc6
MD5

a0c63cf6dbee270cfc537f28a9bb5a2e
SHA1

e885cd26efb3fe578e876411d415be4f9d0bf457
SHA256

b763ce52f9148fa8fa22da8df46135e8ac441c9e1986ac2848eaf8f93c743198
SHA512

2d9c83a1c6188f24f04288f75c1a2aa686595eded9d82113a8556df8d61de1200b9abdce9f58277e34991ca2c468279e1329dea20eb51e43c8b3ff2f10b19d15

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

copy of declaration certificate & Tan lette.exe

Resource

win7v20210408

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

copy of declaration certificate & Tan lette.exe

Resource

win10v20210410

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
server291.web-hosting.com
Port:
587
Username:
ikmero@crestftb.com
Password:
riches22@123456

Targets

- Target
  
  copy of declaration certificate & Tan lette.exe
- Size
  
  1.6MB
- MD5
  
  6670c19ddf28b94dc9832ef37a4b976f
- SHA1
  
  6e6116fca5d75635c5906ed87db698fad545f087
- SHA256
  
  13d90261f73ecaa7455ccdaf16de6d96b122e8829cbf0ffe84ab89fc2cf4cad2
- SHA512
  
  979a3fb7ca18acba12a8c71d0893bc447826bfd4f1a7a6d13683c6ef00b315df4945e6a4cdf6da62c7a13a64c5aa56705c689e2847e7a267c592c0e48c55c35c
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy