agenttesla | d74b8e71e949871886f3aaa4fad46d9179486dfca5fc1e1cd78be292b338efe1 | Triage

Submit
Reports

Overview

overview

Static

static

Invoive-14...10.exe

windows7_x64

Invoive-14...10.exe

windows10_x64

Sharing

General

Target

5934488425234432.zip
Size

768KB
Sample

210727-8ywlx8a252
MD5

b4e0241a2b357182f7c8d26d2e78dd14
SHA1

b1dca0b9563b2105edb81ca7a05dc9f4a5400e08
SHA256

d74b8e71e949871886f3aaa4fad46d9179486dfca5fc1e1cd78be292b338efe1
SHA512

b64b0c4c93ba4ae155dbb6ab77e2dc30afe4fb3d7bc45e6a7f037b5be22ef3d2018fbda531171ec2f53e2c3c6647ed6b9f05f54ce023f888012459dca7e57f39

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Invoive-1434-9CF0010.exe

Resource

win7v20210410

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Invoive-1434-9CF0010.exe

Resource

win10v20210408

agenttesla keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.shakurjay.com
Port:
587
Username:
shakur@shakurjay.com
Password:
zpwXtxm7

Targets

- Target
  
  Invoive-1434-9CF0010.exe
- Size
  
  971KB
- MD5
  
  bb69452c6d73c1fcfed935b1d1350d2e
- SHA1
  
  1de0031656783845d901f6e711f26ab92c31d739
- SHA256
  
  8b3d6e6b6858b30a3efc50c2ed1d4ed4f62a4451b2ffdb3f669ad69e79d55dc5
- SHA512
  
  94735b88d107c93dbc7c6787fd5d669e4318cbfddf794535bf68f9f5e7ee38c217bb16955819c2d513516b06880dae57f7e27328e37a8d8e83305c3e41f35973
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy