agenttesla | 6d05f15586c2e9b214b64df08320eb58540fa2700e99a8cf4214b5cdd982ca4f | Triage

Submit
Reports

Overview

overview

Static

static

Project AC...g).exe

windows7_x64

3

Project AC...g).exe

windows10_x64

Sharing

General

Target

Project AC (Minutes of meeting).r00
Size

421KB
Sample

211203-s7dyvabhf7
MD5

b31df9408475ade848022d00d6fab5cc
SHA1

03039266a550b206a10f5c0fe228933d1cb12ec8
SHA256

6d05f15586c2e9b214b64df08320eb58540fa2700e99a8cf4214b5cdd982ca4f
SHA512

9c1e0ff7d929d92f017c98bc365a12400559f2e6b66b191c9c584cf1766ad172e862b103e245802c1af56771dbb5366c6352dde644451a06c23722ce8010790e

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Project AC (Minutes of meeting).exe

Resource

win7-en-20211104

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Project AC (Minutes of meeting).exe

Resource

win10-en-20211104

agenttesla collection keylogger spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2124462934:AAGr-L06waDdFGpnKJz3_DCOFcJpWDQ7WIM/sendDocument

Targets

- Target
  
  Project AC (Minutes of meeting).exe
- Size
  
  476KB
- MD5
  
  0a3a1385c70ecec991de3baf9ea504e8
- SHA1
  
  86816fa13e9cba505c8566460d40d83d38e8d0aa
- SHA256
  
  bc1c5068758bf788a3e39e19e6eb76d8cc3600b1c7cc0e710cf960a9e7cf3f1c
- SHA512
  
  ec7a49086923aaf1abc01f1a83416c112b8465d852eaf907e459e8f5c0d25a31c9a15632317b1e3408a19dacd8ed9f5d7614a8bca1e7ee9bd2e135b92c407569
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Drops file in Drivers directory
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy