agenttesla | 2abf2a8978d75c05076b1b55593d4c619ff6fcb92146340d72f76aa9e8bed47c | Triage

Submit
Reports

Overview

overview

Static

static

4be2533252...a8.exe

windows7_x64

4be2533252...a8.exe

windows10_x64

Sharing

General

Target

4be25332520b26fccaf19093613142a8.exe
Size

418KB
Sample

211018-nckexsedbq
MD5

4be25332520b26fccaf19093613142a8
SHA1

33c32233015f2621f62c060f2f343e19484bbbda
SHA256

2abf2a8978d75c05076b1b55593d4c619ff6fcb92146340d72f76aa9e8bed47c
SHA512

b59e75fd695e3eb5404a14bb995a65757653818c106e81adfdadab82948aa79a412b001b5f4b99dc2e7ede03a56ee7d5ac8dae79ec37b10185b32a2f4efc8bd3

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

4be25332520b26fccaf19093613142a8.exe

Resource

win7-en-20210920

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4be25332520b26fccaf19093613142a8.exe

Resource

win10-en-20210920

agenttesla collection keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.lko-import.de
Port:
587
Username:
[email protected]
Password:
TVMHSiW5

Targets

- Target
  
  4be25332520b26fccaf19093613142a8.exe
- Size
  
  418KB
- MD5
  
  4be25332520b26fccaf19093613142a8
- SHA1
  
  33c32233015f2621f62c060f2f343e19484bbbda
- SHA256
  
  2abf2a8978d75c05076b1b55593d4c619ff6fcb92146340d72f76aa9e8bed47c
- SHA512
  
  b59e75fd695e3eb5404a14bb995a65757653818c106e81adfdadab82948aa79a412b001b5f4b99dc2e7ede03a56ee7d5ac8dae79ec37b10185b32a2f4efc8bd3
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy