agenttesla | fe5e91a9a892837b9450400f801a7f3d1b114c0b915026d4ee65922593579a0f | Triage

Submit
Reports

Overview

overview

Static

static

Payment Advice.exe

windows7_x64

Payment Advice.exe

windows10-2004_x64

Sharing

General

Target

fe5e91a9a892837b9450400f801a7f3d1b114c0b915026d4ee65922593579a0f
Size

752KB
Sample

220520-147qraefc7
MD5

9b2c265aa6f0530f631618ca36f2f1d3
SHA1

8a3a2d3883611afa97ca97d40afa30612a92bdbc
SHA256

fe5e91a9a892837b9450400f801a7f3d1b114c0b915026d4ee65922593579a0f
SHA512

78ce5d2092fbbf978d27386e6d32b4e41d34c711e225ad6fde1e19f048b49f6dd295b90b0daa3bf8d9873e4f8560429d12e642fd6de9a401cc8923173fe0d33c

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Payment Advice.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment Advice.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.grandtours.gr
Port:
587
Username:
[email protected]
Password:
!Bitter-bullet-chuck-major!

Extracted

Credentials

Protocol: smtp
Host:
mail.grandtours.gr
Port:
587
Username:
[email protected]
Password:
!Bitter-bullet-chuck-major!

Targets

- Target
  
  Payment Advice.exe
- Size
  
  691KB
- MD5
  
  26af78ad5b6bde747cb7c5b6798d13f7
- SHA1
  
  28ebe93177032569db769b91ccd9e0992b76149d
- SHA256
  
  c937a2903274b2498a1d488de6d7cf11811d9dc51749e4c4256262e1236473f8
- SHA512
  
  159f1f5a13df5bb408376429278955d723117bd46097a7e1ecccfb248a0dbc0ef22708a76e5c6cf14c9b2b5ec2458505b01e9788fd3da734726b565e048023c6
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy