agenttesla | d72d35adba8ec838c08352212252448854f69091a3a246b5fa7991ce649dbb01 | Triage

Submit
Reports

Overview

overview

Static

static

General Sp...on.exe

windows7_x64

General Sp...on.exe

windows10-2004_x64

Sharing

General

Target

d72d35adba8ec838c08352212252448854f69091a3a246b5fa7991ce649dbb01
Size

742KB
Sample

220520-173wzaaaaj
MD5

32c35ae6c0fb7f30eebef3063f8cbed7
SHA1

38790d82bbe3b79cc30a216118b2a5e75d82b4d6
SHA256

d72d35adba8ec838c08352212252448854f69091a3a246b5fa7991ce649dbb01
SHA512

b3de8344bb4b21c720a43e2d341e826a00226d8e27621c0fd924a1112ee8951d2ee11a89506cff77eed253264605b0c07744899230984dc4ba89710865a76044

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

General Specification.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

General Specification.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
henry1234

Targets

- Target
  
  General Specification.exe
- Size
  
  894KB
- MD5
  
  e6201148b3a7026bf29818035359ec26
- SHA1
  
  8f8e692a0b92952fe80b707e0f8384c82d74db27
- SHA256
  
  07ceaea9dd455538281cd8afd3b0fe49b34be3bfd7e30718572f6464bead5569
- SHA512
  
  2fc15e7b62dc9222ae6b52a4a4f15a4dbc388db9b3b07eaa24b2005cb63daf517088c7842c2fd8229b6d26fd3ff30d0c4bfadd87a8c82ccb697ee16c82ff7ba5
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy