agenttesla | d280879e1a80af1c1c3862ff2f7e93488c70475a76e8c4702369ae36445531d8 | Triage

Submit
Reports

Overview

overview

Static

static

INQUIRY.exe

windows7_x64

3

INQUIRY.exe

windows10-2004_x64

Sharing

General

Target

d280879e1a80af1c1c3862ff2f7e93488c70475a76e8c4702369ae36445531d8
Size

575KB
Sample

220520-18kf1saabm
MD5

fea7c7843a08d6605d2e0709574982bc
SHA1

44eaee5a986060a767c642211c3e15485ec57996
SHA256

d280879e1a80af1c1c3862ff2f7e93488c70475a76e8c4702369ae36445531d8
SHA512

f674437256fe35f3faf3cd8becb436f396eb50a0a29e4825304e2b565c8024293b93a36f3e7f306260fdcec4953ae4d3e14d907743d1952d34d838c226fd5ff4

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

INQUIRY.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

INQUIRY.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.millndustries.com
Port:
587
Username:
[email protected]
Password:
{zdog:g7S@R3

Targets

- Target
  
  INQUIRY.exe
- Size
  
  755KB
- MD5
  
  80f173a6a405dcc12a8e3b4b3068c481
- SHA1
  
  303de8b04f8d274e762b6a7da8fe71e72ff1bdae
- SHA256
  
  a60d036982b1a91c4ccc905f17da542297129040d3c4c5b6546a7158b2e0dcbe
- SHA512
  
  2819d68ad38a695898c46ef5f1b4c1c8ca70cc14927acee5339558e3e62b1565a1132769958f36154b268c31a0ba6c9749130137d040f55017a94249237eb195
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy