agenttesla | 0ea0deca999677cda2359ab9c96fab953db2e2e3a47d7d1194b0f3c37d3f4835 | Triage

Submit
Reports

Overview

overview

Static

static

MV LUCKY TIFFANY.exe

windows7_x64

MV LUCKY TIFFANY.exe

windows10-2004_x64

Sharing

General

Target

0ea0deca999677cda2359ab9c96fab953db2e2e3a47d7d1194b0f3c37d3f4835
Size

626KB
Sample

220520-2n1g6sffg3
MD5

408e7eda9ba93ea8144364127a2771df
SHA1

6fb732814a2e3438349d3c3680238a843a6828ff
SHA256

0ea0deca999677cda2359ab9c96fab953db2e2e3a47d7d1194b0f3c37d3f4835
SHA512

3bbfe2cdb0340482b6c2034d6b0a860c2296d904e1b08f8ea010b8c68758deac99e3138724ac527c1b6c371fcd9682e3c863ea60bf05a130e4bb4313721fc826

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

MV LUCKY TIFFANY.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MV LUCKY TIFFANY.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.maihyundai.com
Port:
587
Username:
[email protected]
Password:
isla44332211

Targets

- Target
  
  MV LUCKY TIFFANY.exe
- Size
  
  783KB
- MD5
  
  b878c3a2d2acd700fdc3275ed6557383
- SHA1
  
  81b161ec5ced453eb0a7ac1d25dafb825ff67228
- SHA256
  
  a9cf92e1eeda276eae412eb2236216cadcb6342d6c4e638ea337349693f633b9
- SHA512
  
  11411c7494a1a71a3ad2fdaf9183bdc704801fe2a5a4207b348fbb4feabe74ce57999fbed57e771999997cb44cbb1d3c5238555b8c1eb270deb219cbbc19f271
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy