agenttesla | 0270ccbf19805f0f367437cde61674671fb089dd7349df65b7e1408ac464d1f6 | Triage

Submit
Reports

Overview

overview

Static

static

BND28384.exe

windows7_x64

BND28384.exe

windows10_x64

Sharing

General

Target

BND28384.zip
Size

467KB
Sample

211018-w7666sfbhm
MD5

241882fe80267cfd978612a6c1313cd4
SHA1

6c85454aa96d5bfa6e6b327b5cd00c479d88f0a3
SHA256

0270ccbf19805f0f367437cde61674671fb089dd7349df65b7e1408ac464d1f6
SHA512

fdcbe89370ae6008606a0b4db88dffaac4eb267389714972749b8e5c6108b82368b432c5cee31b4f54900823f6be63ac326e397f825c049d1b609bdb97c38753

Score

10^/10

agenttesla evasion keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

BND28384.exe

Resource

win7-en-20210920

agenttesla evasion keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

BND28384.exe

Resource

win10-en-20211014

agenttesla evasion keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.westviewcargos.com
Port:
587
Username:
[email protected]
Password:
Choice@@@12345

Targets

- Target
  
  BND28384.exe
- Size
  
  739KB
- MD5
  
  91b12e9726457f2c6ad29b8b27bf7e3c
- SHA1
  
  03406222c3cc95e03736a5844e31975b714758dd
- SHA256
  
  e4a297a62797d50a37f87d75499be34639395d4791416d2be66c0e3c6a43a8d1
- SHA512
  
  8e220ae8c5765fcb4cb65e5d04f4f7c296ecd22d6d81556bc4cf908b66e49210e8139e18b9a82f837870c390388d10f9cea2a575d46b6dc8dc574585500cb907
Score

10^/10

agenttesla evasion keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslaevasionkeyloggerspywarestealertrojan

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy