agenttesla | 4f4b3dded538765e48f27d8bf0ef605572313a3f95f71f642daa53402abd8776 | Triage

Submit
Reports

Overview

overview

Static

static

EFINAL REV...21.exe

windows7_x64

EFINAL REV...21.exe

windows10_x64

Sharing

General

Target

EFINAL REVISED_INVOICE AND PACKING LIST FOR SHIPMENT Email no. M1053 dd. June 26, 2021.exe
Size

635KB
Sample

210727-bhga5vh38x
MD5

ca9ce774706c2f1708af10d3da19be03
SHA1

059fc99b8d6ff50f997d7acb1a0ccf55cc776605
SHA256

4f4b3dded538765e48f27d8bf0ef605572313a3f95f71f642daa53402abd8776
SHA512

b351dbb0eae5871f7996a46d004862c824fdc6f23bfb06cff6b55f3662fc453e890e5af94c0b02cbf513228be27e39a5f13ccade69b5bd3de4149af1f34ed760

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

EFINAL REVISED_INVOICE AND PACKING LIST FOR SHIPMENT Email no. M1053 dd. June 26, 2021.exe

Resource

win7v20210410

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

EFINAL REVISED_INVOICE AND PACKING LIST FOR SHIPMENT Email no. M1053 dd. June 26, 2021.exe

Resource

win10v20210410

agenttesla keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://universalinks.net/
Port:
21
Username:
bring4@universalinks.net
Password:
{lafa{u^wEx8

Targets

- Target
  
  EFINAL REVISED_INVOICE AND PACKING LIST FOR SHIPMENT Email no. M1053 dd. June 26, 2021.exe
- Size
  
  635KB
- MD5
  
  ca9ce774706c2f1708af10d3da19be03
- SHA1
  
  059fc99b8d6ff50f997d7acb1a0ccf55cc776605
- SHA256
  
  4f4b3dded538765e48f27d8bf0ef605572313a3f95f71f642daa53402abd8776
- SHA512
  
  b351dbb0eae5871f7996a46d004862c824fdc6f23bfb06cff6b55f3662fc453e890e5af94c0b02cbf513228be27e39a5f13ccade69b5bd3de4149af1f34ed760
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy