agenttesla | e8eb5efccb0a966deecf2946ba24624141bb68580650bc8ea9facf4d8b5db148 | Triage

Submit
Reports

Overview

overview

Static

static

MV HUA SHAN.exe

windows7_x64

MV HUA SHAN.exe

windows10-2004_x64

Sharing

General

Target

e8eb5efccb0a966deecf2946ba24624141bb68580650bc8ea9facf4d8b5db148
Size

619KB
Sample

220520-16txnsegb8
MD5

8ad5c6c846447df8753aa3adc1c91356
SHA1

348420e8b497ab1aefc1808fee2fcd02cb0ab14d
SHA256

e8eb5efccb0a966deecf2946ba24624141bb68580650bc8ea9facf4d8b5db148
SHA512

e86aaed2243f02658772d36f47d0294496664f335531f2bca55743939ea43e4f77c6f7d4a080f905944292004ece7ba8d8a3e37eb35f06dcfb2e70fcd82bcc52

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

MV HUA SHAN.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MV HUA SHAN.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.vishnucars.in
Port:
587
Username:
[email protected]
Password:
Swift123#

Targets

- Target
  
  MV HUA SHAN.exe
- Size
  
  735KB
- MD5
  
  4ae01c56aa986c5e2edf299cd69116b5
- SHA1
  
  622ec560c3f2234884e8598776771747f0036060
- SHA256
  
  4ba3daeca73f3cde751424f8ec9972e274e0ffe915ce7c58eac0bf4d278920b1
- SHA512
  
  c71aea8ce8fc38bdf8d8d112ea597885585c467e90ad4ec7d1a3253fb39fe713c2c6c1594e59614fc68842dc717e75dfaef401aef01ed29871e141f10648f174
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy