agenttesla | 3ec65e121d3ba55db9e47230767bfee0715818c3e1d5bb15020fe5cc771f085a | Triage

Submit
Reports

Overview

overview

Static

static

INV1307202...63.exe

windows7_x64

INV1307202...63.exe

windows10-2004_x64

Sharing

General

Target

3ec65e121d3ba55db9e47230767bfee0715818c3e1d5bb15020fe5cc771f085a
Size

390KB
Sample

220520-2kdt1afeb2
MD5

fa8663be82ec2b5a48fcda0ae1c9702c
SHA1

cc29e4606beddfcaa602becf817c246f0e329ff1
SHA256

3ec65e121d3ba55db9e47230767bfee0715818c3e1d5bb15020fe5cc771f085a
SHA512

af98ea8e2df4ee5d9fea376834c8edcd4338d5f56f0f99ac1ee6f86066ef11df5009fd96035ab49d57271f011facb42799615f730b8f6a106abe90f228a27d93

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

INV13072020PO77463.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

INV13072020PO77463.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.tpts4seed.net
Port:
587
Username:
[email protected]
Password:
Krested123@

Targets

- Target
  
  INV13072020PO77463.exe
- Size
  
  337KB
- MD5
  
  726878100613c88b1fe3e43ff71fb74e
- SHA1
  
  2ac040b0933bb1ff367ec3feb72698c37cc0bb6f
- SHA256
  
  e98b23f13bd43ef55774986242d5a27c07c59d576b6c8a8aff136e98620d87e1
- SHA512
  
  8afd1514eb6125bea4aa038de169dae906ae4dbc4faa24d39de6b2c77ab4eba81bacc428e1f68519d144cabb6527374d9e3af4829c8f941aca786ef0a3dbed0c
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy