agenttesla | 18f0a97d1e061b125f0777108a75de30309d7a264cdf26d76f712cbc5c6c1846 | Triage

Submit
Reports

Overview

overview

Static

static

Purchase O...3..exe

windows7_x64

Purchase O...3..exe

windows10_x64

Sharing

General

Target

Purchase Order No. XIV21623..iso
Size

330KB
Sample

211202-qkewhsbhe5
MD5

79ff89888ac3a107c83f2ca24038f738
SHA1

014e077286246e79413908e870696fb5baa444d8
SHA256

18f0a97d1e061b125f0777108a75de30309d7a264cdf26d76f712cbc5c6c1846
SHA512

f7a9e7e81893c32f33ef7b3ec1edb470108207ff82214254fc8806764d27ac0bd20a5ea5d0b4d44dbe4118e903c82d7a7337e0d6f6b5fae8d5ed9ac04d8958cc

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Order No. XIV21623..exe

Resource

win7-en-20211104

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Order No. XIV21623..exe

Resource

win10-en-20211104

agenttesla collection keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.peoplesource.in
Port:
587
Username:
anjay@peoplesource.in
Password:
Admin@12345

Targets

- Target
  
  Purchase Order No. XIV21623..exe
- Size
  
  268KB
- MD5
  
  5e5c83d04f20a03826b8cd80d2c4a0b5
- SHA1
  
  840248f524917151d9b44dda32cbb32ab1fd7d80
- SHA256
  
  62c4b3a0c365726907f0ac94621c85f5c52056eb94653b151144cc841502e916
- SHA512
  
  3fa38c0033df01c29b376086df84fed1aa0047c7ce2de2ae2f7465c1ce12211613a7ed78e21a9f6810ebfe35acf713d1749c5f1f2e34f282f063399af0feee73
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy