agenttesla | a78ed0e0461ad45a02780b825a48558bf0a97ca495ffc4ed99aa33db0030e0cf | Triage

Submit
Reports

Overview

overview

Static

static

b4KzpmcAXwZ3drv.exe

windows7_x64

b4KzpmcAXwZ3drv.exe

windows10-2004_x64

Sharing

General

Target

a78ed0e0461ad45a02780b825a48558bf0a97ca495ffc4ed99aa33db0030e0cf
Size

610KB
Sample

220520-2bqgfafae7
MD5

f8e7e07c5bdeafa5875f685284bfdaf8
SHA1

57a022c105b026132b3fa04e771abeebc8ce3ddd
SHA256

a78ed0e0461ad45a02780b825a48558bf0a97ca495ffc4ed99aa33db0030e0cf
SHA512

3bbe5c8c99625bccce5b5c0bcc57a563b56ef1c6ac78d534df51f4e5443c6d1f5b6bcfe4d2bd3990f606c845091208b6443f45955716d537b59c33fb7921f07a

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

b4KzpmcAXwZ3drv.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b4KzpmcAXwZ3drv.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
KInhQdv5

Targets

- Target
  
  b4KzpmcAXwZ3drv.exe
- Size
  
  548KB
- MD5
  
  a7117f7888c74d3dd8bf553793c60cc5
- SHA1
  
  debb55652bf8cd8c4dc2be3776c0ff19e5037930
- SHA256
  
  14ac862307f76bdf323ae2ae84ed2b46b35483202bf81031c716143343ba7b00
- SHA512
  
  f425f29774544362927b53b066d67033fdb25d739e0c95344f11cf9ea8674f393dedb7f4314a2e0314ad214b178ab659d515b6144df27629f2037f79dbb03e35
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy