agenttesla | a79ec100c7ba4df9ecba5aa57f0e62ba2712687b1cc7fae30f795184b63c58ba | Triage

Submit
Reports

Overview

overview

Static

static

Due Invoice.exe

windows7_x64

Due Invoice.exe

windows10-2004_x64

Sharing

General

Target

a79ec100c7ba4df9ecba5aa57f0e62ba2712687b1cc7fae30f795184b63c58ba
Size

341KB
Sample

220520-29b2psbdeq
MD5

0059f43909e0cc3b6f684d9eb7ab2b9c
SHA1

05c27989ea1484bd9c5388ee7aa1c9ba86189483
SHA256

a79ec100c7ba4df9ecba5aa57f0e62ba2712687b1cc7fae30f795184b63c58ba
SHA512

72841022d6e3e63f3985526f025e639def8f2d3cffd57cb7fd984b34cc242519cbf1288f99c86502e3f28c82f8ff853d76041a8b88daa4b6a5c1ec8011d042bc

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Due Invoice.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Due Invoice.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
bigboy5570@@@@

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
bigboy5570@@@@

Targets

- Target
  
  Due Invoice.exe
- Size
  
  410KB
- MD5
  
  84dc340e56d31e9da2e04d9cff00c89f
- SHA1
  
  ee3590a44a19694e1f30efba34fc8e6c393620ff
- SHA256
  
  a17438d009e8a6e90b846941faaeaecd1a71951f97d4b8aa312ad1b2b7a420b2
- SHA512
  
  a2976b236827c9dbc1a05ff653cb1ce3bdf227e4848d4462b83f45fbc0dcf5d238a5da1c86b0023ed9f946e65998cb4eb274ba64e886e1b80d5401d4f952034f
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy