agenttesla | a8c2ccbe6b51094e555fe11b631334150250905d0ee89dfc8aad100be8cc1e98 | Triage

Submit
Reports

Overview

overview

Static

static

DHL.exe

windows7_x64

DHL.exe

windows10-2004_x64

Sharing

General

Target

a8c2ccbe6b51094e555fe11b631334150250905d0ee89dfc8aad100be8cc1e98
Size

1.2MB
Sample

220520-2qengsaggn
MD5

16efd5f4875687e4e417cffee34bedc8
SHA1

81be5495fdaa950f487a125de6926e7a24194857
SHA256

a8c2ccbe6b51094e555fe11b631334150250905d0ee89dfc8aad100be8cc1e98
SHA512

29bd9a5168ca6b34e96937792544d192d90e95daf5c2b9fd0a5ff2654ced5a5b27b0f630f609fcca5235d5baafaedf771c51b90c0713969f98b2ad5f706ba437

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

DHL.exe

Resource

win7-20220414-en

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DHL.exe

Resource

win10v2004-20220414-en

agenttesla keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.mail.ru
Port:
587
Username:
[email protected]
Password:
donttryme005

Targets

- Target
  
  DHL.EXE
- Size
  
  711KB
- MD5
  
  711997ec37954514a8ce09446a0750a7
- SHA1
  
  d7ce953eef214f02d03df4eafa8c73416268ad50
- SHA256
  
  f70cd1568d92c035119e5bb9e8bf1ada495ba6f31c6d042ac1d98ac3060d59a1
- SHA512
  
  573a49538e0a64b3d5df1c3ef2a016952102b6c662bb6be25e650e57bf80c0a535f667cbe827a580e9502b36543963df3fccfc64dd958fd824548b898b7ef6f9
Score

10^/10

agenttesla keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslakeyloggerpersistencespywarestealertrojan

behavioral2

agentteslakeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy