agenttesla | c1b1647d0139cec7502ac097db85343e037559ed0afacab08f50a29e0adadfe1 | Triage

Submit
Reports

Overview

overview

Static

static

3a4fc42fdb...7a.exe

windows7_x64

3a4fc42fdb...7a.exe

windows10_x64

Sharing

General

Target

6647473163108352.zip
Size

732KB
Sample

211231-mfe4yafcfj
MD5

edc795bfc47de956665640fbac377a31
SHA1

489c96bc473ae2fa47a71a0231319a0cda538339
SHA256

c1b1647d0139cec7502ac097db85343e037559ed0afacab08f50a29e0adadfe1
SHA512

f5e02aab1643c7f1d06a2ac05ad8d9afe7e6706827cff6f0e953fd79a970a78ac966a4b142ea4a1904a1450024f4350063ee2239c5a954173689bebc27ad2e3b

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

3a4fc42fdb5a73034c00e4d709dad5641ca8ec64c0684fa5ce5138551dd3f47a.exe

Resource

win7-en-20211208

agenttesla collection keylogger spyware stealer trojan

Behavioral task

behavioral2

Sample

3a4fc42fdb5a73034c00e4d709dad5641ca8ec64c0684fa5ce5138551dd3f47a.exe

Resource

win10-en-20211208

agenttesla collection keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2049439171:AAHTF-OzMCy9i3S0b0hmaVc_mUsY0h6Ue_w/sendDocument

Targets

- Target
  
  3a4fc42fdb5a73034c00e4d709dad5641ca8ec64c0684fa5ce5138551dd3f47a
- Size
  
  300MB
- MD5
  
  02991d493aedc4e3b544cf5b9ee57499
- SHA1
  
  1de6c330b46ac1de2ec149cdc5c3c4f3da979863
- SHA256
  
  3a4fc42fdb5a73034c00e4d709dad5641ca8ec64c0684fa5ce5138551dd3f47a
- SHA512
  
  78ba8d96f2c2a91e951980abff59b256ab5e4297bbc12ca9f6a9fcc54036391b177907d74061459a44d2527c92bb47f8ef13a69ef8500fd303dfc41a1c89300d
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2023

Terms | Privacy