agenttesla | 695d9cd287ce5ee85681b570ee37daa421550dc4b25101240bba64245a729bd9 | Triage

Submit
Reports

Overview

overview

Static

static

SHIPPING D...PL.exe

windows7_x64

SHIPPING D...PL.exe

windows10_x64

Sharing

General

Target

SHIPPING DOCUMENT & PL.exe
Size

476KB
Sample

211018-xwg9caech3
MD5

b4bf9d3bda738a3d6794dfb47a85f011
SHA1

b81cfd36eed1b54cc8dd3001f1c3f6e007b3748b
SHA256

695d9cd287ce5ee85681b570ee37daa421550dc4b25101240bba64245a729bd9
SHA512

76259472997a20a2641acd4f797e25abbae63c989a45df7489f643175e6fc9187f616b2044dc0f49ea47904109e16fa7bf826658bd1f48acb6fd6f90d42b90a2

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SHIPPING DOCUMENT & PL.exe

Resource

win7-en-20210920

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SHIPPING DOCUMENT & PL.exe

Resource

win10-en-20211014

agenttesla collection keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.davaobay.com.ph
Port:
587
Username:
[email protected]
Password:
p@ssw0rd

Targets

- Target
  
  SHIPPING DOCUMENT & PL.exe
- Size
  
  476KB
- MD5
  
  b4bf9d3bda738a3d6794dfb47a85f011
- SHA1
  
  b81cfd36eed1b54cc8dd3001f1c3f6e007b3748b
- SHA256
  
  695d9cd287ce5ee85681b570ee37daa421550dc4b25101240bba64245a729bd9
- SHA512
  
  76259472997a20a2641acd4f797e25abbae63c989a45df7489f643175e6fc9187f616b2044dc0f49ea47904109e16fa7bf826658bd1f48acb6fd6f90d42b90a2
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy