agenttesla | 9bf075b3f65175577943cc58e356164094b5c8ca8715aca2aea0f1ebec15ae40 | Triage

Submit
Reports

Overview

overview

Static

static

167647227-...df.exe

windows7_x64

167647227-...df.exe

windows10-2004_x64

Sharing

General

Target

9bf075b3f65175577943cc58e356164094b5c8ca8715aca2aea0f1ebec15ae40
Size

705KB
Sample

220520-2srqtsahhm
MD5

6136b2442949fbe1c3bbdc0b7a52d3fa
SHA1

d7d86a9447f88b043d036acfeadb28f8cee430ba
SHA256

9bf075b3f65175577943cc58e356164094b5c8ca8715aca2aea0f1ebec15ae40
SHA512

90e58e784ad8ad24ad7c4b1d24f30fd2184ff889628f3f2e80d37001e2e6d0bc78b4da88f9c7e39857f70bf3c15443fd4a0016c38e19372627ec9d15b80e11bc

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

167647227-54134-sdfnt4-2.pdf.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

167647227-54134-sdfnt4-2.pdf.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
sogood12

Targets

- Target
  
  167647227-54134-sdfnt4-2.pdf.exe
- Size
  
  821KB
- MD5
  
  249daa1c11b1c6f8e7097555a94bd56a
- SHA1
  
  dcf0851a7816647a9f4d985741cc9a526ec434b0
- SHA256
  
  20e0f8561c714292edd786c9d77983c8777d8d5740758e43c08ab899e5c00023
- SHA512
  
  ccef8b1689026ea45202dba270371728e8eb85396493caf08ec5f71c78038839e858a37f6aa9854f8577dab1e76a84f9df87e9db21c777d0cb31c61d45b6ac08
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy