agenttesla | d7677d8ae3578e42bc4e7802420b14f63eb7ff9425f46c413c57eca2d8420e68 | Triage

Submit
Reports

Overview

overview

Static

static

Copy BL an...te.exe

windows7_x64

Copy BL an...te.exe

windows10_x64

Sharing

General

Target

Copy BL and Debit Note.rar
Size

434KB
Sample

211019-hprf4sgccj
MD5

7bdfe8201d32f4fb9c6dbec39a8d0255
SHA1

e9707fb2770c963f370680e7464793da8e27c57e
SHA256

d7677d8ae3578e42bc4e7802420b14f63eb7ff9425f46c413c57eca2d8420e68
SHA512

b2b6c843b39ca23509f3e22aa03aec870a5155f1a1e9f114816d9ce3b2fbc440441a7da012d29603b6702e9e6d80ba17b34c97ea741725f33ed46a1c66e988d8

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Copy BL and Debit Note.exe

Resource

win7-en-20211014

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Copy BL and Debit Note.exe

Resource

win10-en-20210920

agenttesla collection keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.davaobay.com.ph
Port:
587
Username:
[email protected]
Password:
p@ssw0rd

Targets

- Target
  
  Copy BL and Debit Note.exe
- Size
  
  526KB
- MD5
  
  bf3529f043b5bbd871d4fe1fa7dbd9b7
- SHA1
  
  0770c707d13b4b186bf926413b806bd88fe2bdfc
- SHA256
  
  33e67621d21b3a8a3afd7bd73c2ee1dadd4d9d18faa31b68f67bdd54f7804cd0
- SHA512
  
  39fedee0ce4b83dd382a0369953607cc5f06a498b06d4340e051ca13bdc66cd5e1f16439feb0af09e2ec665e80552d5856cb6bdba2dd5f26f39ffcc6205ddcf2
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy