agenttesla | 4125f2eb7af619c5a6dd3603246f22310995e7bbfb8bc03e032ca74bd8243fe1 | Triage

Submit
Reports

Overview

overview

Static

static

70654 SSEBACT.exe

windows7_x64

70654 SSEBACT.exe

windows10_x64

Sharing

General

Target

70654 SSEBACT.zip
Size

392KB
Sample

211019-lzpl2sffa8
MD5

9ab5d41177cb248218b0719c61cde879
SHA1

c23845b414b8763a02e1e6fa5b5d4632402123b1
SHA256

4125f2eb7af619c5a6dd3603246f22310995e7bbfb8bc03e032ca74bd8243fe1
SHA512

26a2a103e7bb3714d411bc735929f73ecc77c5433c05298bbe16b8c5157c8c70ec6bb74df2a58b59e36c5ba09e78107ab07453c9f9d165c84ac1cc5b1b3bca3f

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

70654 SSEBACT.exe

Resource

win7-en-20211014

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

70654 SSEBACT.exe

Resource

win10-en-20211014

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.timsonlogisticske.com
Port:
587
Username:
[email protected]
Password:
timsam2015

Targets

- Target
  
  70654 SSEBACT.exe
- Size
  
  451KB
- MD5
  
  d4fbd30ce19b0d9632201fbfe9b9943d
- SHA1
  
  f0dbe35cf51b8b1c909ec0ea5a8c1228986f36ab
- SHA256
  
  192af07a83d42e824b8afc672e276e9f7906fc40c36776cb309e3d7762851206
- SHA512
  
  562c44288f64e38af06f6a462ebbe5a51ae1b397095e30f6ae27fbf60dd499e9e015bd0facb2b82393b7c974e3cabe5a0ad32ce440401b5bfb21b068d56ec13c
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy