agenttesla | c5e590e0220a03eac1b1533badab7c8b42fde3ca50792bc23aeba5b7c052a928 | Triage

Submit
Reports

Overview

overview

Static

static

David Orde...df.exe

windows7_x64

David Orde...df.exe

windows10-2004_x64

Sharing

General

Target

c5e590e0220a03eac1b1533badab7c8b42fde3ca50792bc23aeba5b7c052a928
Size

441KB
Sample

220520-288z2sbdek
MD5

61b4a4b7c9bafa08feadc5c4f261cebd
SHA1

b2c534a406af4114bea54d053888e351be48b0a7
SHA256

c5e590e0220a03eac1b1533badab7c8b42fde3ca50792bc23aeba5b7c052a928
SHA512

2aa47eb2275740e2e30055f0eb027f74f88c39480a194049ad6b467994a994e2b52e605fe6e9b656c42cd3876dc0f08828c507ed9cfc1b3dea2f9f7bbaff5149

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

David Order List & Images_pdf.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

David Order List & Images_pdf.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.negxen.eu
Port:
587
Username:
[email protected]
Password:
z$:f45umUA+f

Targets

- Target
  
  David Order List & Images_pdf.exe
- Size
  
  670KB
- MD5
  
  2b7ab41056052dbec66110b1b83a5c29
- SHA1
  
  54641338fcbd0845fe612d8b7891813d0d80748b
- SHA256
  
  0529890413f7f952eb1b6a073369119f1f8f5c1b7e0a9611e721bd695975d0fa
- SHA512
  
  2a099c192fb550a9b278829f96dcd9bd3194966c4b6f0cc87273411e08b971d897291ff5d70c730b7f4c1aaac7087a7e3b022dc3722942d0744ee8fd4ee4e7cd
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy