agenttesla | 7a8732698f2f81274070a085caa2cb933cfd843437dfa5e23ec83e5c71c30b7c | Triage

Submit
Reports

Overview

overview

Static

static

comprobant...__.exe

windows10_x64

Sharing

General

Target

c473f3e2-f8b1-4c8b-a4a2-08d9a90518c2cb60c4ba-ee01-47d6-0a62-164f80712c8e.eml.zip
Size

786KB
Sample

211202-hpw2lafea2
MD5

d6e780ca394eb7b1f5fbdf4a1a8bab3c
SHA1

1a54d087a7c6be4c81d6dbb56e88ddaad1acb7db
SHA256

7a8732698f2f81274070a085caa2cb933cfd843437dfa5e23ec83e5c71c30b7c
SHA512

1c8e8f609837cd5feb08742363685df2f5753964661e9a1839788034cb97ca358356b4b16d639cbca8bac2ee4f3823044285e040eec77e72453d7c428e35d02c

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

comprobante_79433161.pdf______________________________.exe

Resource

win10-ja-20211104

agenttesla collection keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.agenciaaros.com.py
Port:
587
Username:
[email protected]
Password:
icui4cu2@@

Targets

- Target
  
  comprobante_79433161.pdf______________________________.exe
- Size
  
  456KB
- MD5
  
  01695780f415e0d1e9dc20c16dbb64d1
- SHA1
  
  f44d0b77c9d88a1335f617f4f65d94e1036ef24b
- SHA256
  
  d08be3f4b0e2532a51bb9fbf929d2d1e4ad9f3adae2c66ac70e4dfc3acc45aab
- SHA512
  
  485b4dbc8c9e4750dfed944aecb93d5e5023efeb51872fe61a256e8aebbcab30bf753036feec7a0af18b48be8f7ce7b62f2b3fae7f95d4d793835d4212d065c8
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Registers COM server for autorun
  persistence
- AgentTesla Payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy