agenttesla | a061525b3a2bd5c33247101b2ba5cb9b7c6dcb10f2923c4315a88d080b2b4b1c | Triage

Submit
Reports

Overview

overview

Static

static

MV. HUA SHAN.exe

windows7_x64

MV. HUA SHAN.exe

windows10-2004_x64

Sharing

General

Target

a061525b3a2bd5c33247101b2ba5cb9b7c6dcb10f2923c4315a88d080b2b4b1c
Size

635KB
Sample

220520-2b89jsfag2
MD5

8e6e3c1f57f107e9d56819bf99d7b70b
SHA1

904d5299142cc025e02f55d1b37d23c4873e487a
SHA256

a061525b3a2bd5c33247101b2ba5cb9b7c6dcb10f2923c4315a88d080b2b4b1c
SHA512

fb0cfcd8eed6e9fab660d34ad8cf95dc8ad9a0fa2ac24feb4a540613409a1edde6c443d628fce58baf19547a2a42bfb8e7e3fa05c54dd8228f8064cd64c08df4

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

MV. HUA SHAN.exe

Resource

win7-20220414-en

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MV. HUA SHAN.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.vishnucars.in
Port:
587
Username:
[email protected]
Password:
Swift123#

Extracted

Credentials

Protocol: smtp
Host:
smtp.vishnucars.in
Port:
587
Username:
[email protected]
Password:
Swift123#

Targets

- Target
  
  MV. HUA SHAN.exe
- Size
  
  750KB
- MD5
  
  01cb8bc3d29ffd8b250929e4ff86f332
- SHA1
  
  c0b95a3eafb986bd532f4723ffb93be60d8cf5a1
- SHA256
  
  d4dcc5c195854c35dd8936c0ec04ce903b60153042e5e13e03ba080fbf73519e
- SHA512
  
  480b8315dde715541d87d0bd1f01585471f5e19de59de062fabfcc2804a1b5bfa219c3df4ba448ebb9c9fba027059798f8a72350d31af6cc2e74972ea04206a0
Score

10^/10

agenttesla keylogger spyware stealer trojan collection persistence
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy