agenttesla | 63e6eccb010325a030f5535f3391706f333a225675484880ac23b0305903b4a2 | Triage

Submit
Reports

Overview

overview

Static

static

WaybillDoc...61.exe

windows7_x64

1

WaybillDoc...61.exe

windows10_x64

Sharing

General

Target

WaybillDoc_3227610761.zip
Size

344KB
Sample

211026-j74ptshab7
MD5

1a4f0b9611e1e9fa094603c424a6f225
SHA1

3feea63f17f80ba906f6c0e9529c80d2293df0b9
SHA256

63e6eccb010325a030f5535f3391706f333a225675484880ac23b0305903b4a2
SHA512

389ca1c2fbab9891d2dd02beede224d59bbbac7b035bc437139792d12b7b7bfaf5b41f3cdd9e3e4cd0e6bb198a2e5dbbca198622933b9684375e0c1877bb563b

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

WaybillDoc_3227610761.exe

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

WaybillDoc_3227610761.exe

Resource

win10-en-20211014

agenttesla collection keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.aldayrawigroup.com
Port:
587
Username:
[email protected]
Password:
HdhM#2020$DG17&

Targets

- Target
  
  WaybillDoc_3227610761.exe
- Size
  
  359KB
- MD5
  
  e1f6e9f4cb16ec2ff69e5457f6085953
- SHA1
  
  c3d55ec898081cd85fbe509050ca09d04f025936
- SHA256
  
  cabec98e090f5855400c7b878d6e9e01e12f418a3a89e95343b64c5504db6eb8
- SHA512
  
  f44aee4638bb00e8533bbc838de92307d5f884d14b91f4539d2147045ff45d42deb621aff6065eb5c15cb708d2671bd4ecefdf2ac32f1bddedad876b479924b9
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy