agenttesla | e08f1ec1f7e589e8951e895654e7a4dd75423026415ded2040f363c5ca29a6c2 | Triage

Submit
Reports

Overview

overview

Static

static

qz213kxyuSGYghq.exe

windows7_x64

qz213kxyuSGYghq.exe

windows10_x64

Sharing

General

Target

qz213kxyuSGYghq.exe
Size

414KB
Sample

211020-hqdawahffl
MD5

8a9d1529717c2a1439c582d43e3bbae6
SHA1

895ac5ef5fb7aa13f12833c72f340c3b7d2529a9
SHA256

e08f1ec1f7e589e8951e895654e7a4dd75423026415ded2040f363c5ca29a6c2
SHA512

be31ee771e1215e1d561df81d267488261d54a2fae30751a4afc0362a0d247660a2ea9e111da77a9cc72491486ead28a9e7f7001ee1c52cc0b5b668f5a4f9e46

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

qz213kxyuSGYghq.exe

Resource

win7-en-20210920

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

qz213kxyuSGYghq.exe

Resource

win10-en-20211014

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1990818097:AAEwom4DVSnyX5nLZhtvlrvCnmzUsVj23cE/sendDocument

Targets

- Target
  
  qz213kxyuSGYghq.exe
- Size
  
  414KB
- MD5
  
  8a9d1529717c2a1439c582d43e3bbae6
- SHA1
  
  895ac5ef5fb7aa13f12833c72f340c3b7d2529a9
- SHA256
  
  e08f1ec1f7e589e8951e895654e7a4dd75423026415ded2040f363c5ca29a6c2
- SHA512
  
  be31ee771e1215e1d561df81d267488261d54a2fae30751a4afc0362a0d247660a2ea9e111da77a9cc72491486ead28a9e7f7001ee1c52cc0b5b668f5a4f9e46
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy