agenttesla | b362ec7976cb2d6088690e307a73fef14cfe766c2140ce06b575cf45aa87135a | Triage

Submit
Reports

Overview

overview

Static

static

bank draft copy.exe

windows7_x64

bank draft copy.exe

windows10-2004_x64

Sharing

General

Target

b362ec7976cb2d6088690e307a73fef14cfe766c2140ce06b575cf45aa87135a
Size

652KB
Sample

220520-2aqe2sabak
MD5

4bab00d7d886dd82600c2fbbe4f7d5ef
SHA1

3c951b1392723322ad032bc9727af5ea09f5c610
SHA256

b362ec7976cb2d6088690e307a73fef14cfe766c2140ce06b575cf45aa87135a
SHA512

2c4acc4352edf032f4545891c7527971b924a80b68eeeb8fe68d68e8b99c6e63c4d7b958c989afe3ce805404db003bd538ffe1ec41370d3e13f82b073ba3d8bb

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

bank draft copy.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bank draft copy.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.labiconics.com
Port:
587
Username:
[email protected]
Password:
Labiconics@2018

Targets

- Target
  
  bank draft copy.exe
- Size
  
  591KB
- MD5
  
  bb70f93b4b431d171998766226fcb70b
- SHA1
  
  036869fbc836fe69690317399612a1ac75a6d526
- SHA256
  
  bf16393640303afe03a092d605a39a69d05158bce15d690128ef2b2103dfa5c7
- SHA512
  
  9c96a98bb5a798cfc9d311a964821c8ecb243ea2b5bf2873c19bc9faee9a4683762de44980c90959c82ec42def7a2d1339798e140ebfe2ec501d395f75df1886
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy