agenttesla | 4b3a9c485b55307538cfd0cbfe541f020324952638b9cbf495be7c9d1660d5e7 | Triage

Submit
Reports

Overview

overview

Static

static

Images.exe

windows7_x64

Images.exe

windows10-2004_x64

Sharing

General

Target

4b3a9c485b55307538cfd0cbfe541f020324952638b9cbf495be7c9d1660d5e7
Size

588KB
Sample

220520-2h56gafdd5
MD5

e4179a1fb0b0caedbaaf44c71e78fc78
SHA1

4c43c387924025eeb9752531a7cb3fb0c835610f
SHA256

4b3a9c485b55307538cfd0cbfe541f020324952638b9cbf495be7c9d1660d5e7
SHA512

5420a347609d42089a42a058d577e0d29482fdb7d70e4b2bd474c0f1737511e9f0347e0a9d00aa4e6ff9fff4ae58c94fd5a016800dfa4599eb67d6d4e5059591

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Images.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Images.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.dicera.com
Port:
587
Username:
[email protected]
Password:
796147

Targets

- Target
  
  Images.exe
- Size
  
  804KB
- MD5
  
  a4e259de56ca50059f7f23b788d50f0b
- SHA1
  
  e1368e3a6882ffe538563abb5fe8d043cf44cd8e
- SHA256
  
  9297d40e8a55c2bb0d833d2210859dbe1a3486503f47781ac46cbb96d842407d
- SHA512
  
  660bcf708d9e4c52bc3a28b8de51620884fbd0d0203f0ec4b8e3bbdaf9e21b9f737f207380d0f41eea69f0798bb43035e9d3d95b0b5c674868d8f95b97aba667
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy