agenttesla | 20b1ddb78fe23b024bf7d824cb12a71aab844b5d8e4c956c778b8606bcdbdc34 | Triage

Submit
Reports

Overview

overview

Static

static

PDF45678234.exe

windows7_x64

PDF45678234.exe

windows10-2004_x64

Sharing

General

Target

20b1ddb78fe23b024bf7d824cb12a71aab844b5d8e4c956c778b8606bcdbdc34
Size

551KB
Sample

220520-2mfrdaafdq
MD5

e655ff8b96cb654d570550ca2dff85be
SHA1

305e9a72daff480daf51a78b3c62107222a5a22f
SHA256

20b1ddb78fe23b024bf7d824cb12a71aab844b5d8e4c956c778b8606bcdbdc34
SHA512

519c6d6a0a852ca5e19e353f532dcdf4ed0ef51575f9b0684144a052b6fc2b39b391b1772a26a1d853cf4e206a6417d55b51c12efb194f78fbc82ac9a6bc246e

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PDF45678234.exe

Resource

win7-20220414-en

agenttesla keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PDF45678234.exe

Resource

win10v2004-20220414-en

agenttesla keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
@jaffinmarknma@344

Targets

- Target
  
  PDF45678234.exe
- Size
  
  598KB
- MD5
  
  6a0ea6a397d1f0a4c8f2cab9ea382e13
- SHA1
  
  d1b5d3215858812d42d3c3b89f873cc48b4a1a5a
- SHA256
  
  5c0413285df419d479d3dff547aaeed3e6866566f7c84fdf2fbf583a8616df32
- SHA512
  
  e26890dbfc606b8c59f4e8684be6b357e5210b03b733b711f3639bc4b685081bb46eeba2e25d7793ea460213cdb7727a0679890f354fcd83affc2d23038c8ef2
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy