agenttesla | 75f75ffb3f987ca0d9cdd37346a7abdfd09378e266c5f875d0392309b2bb4671 | Triage

Submit
Reports

Overview

overview

Static

static

MV TBN - P...df.exe

windows7_x64

MV TBN - P...df.exe

windows10-2004_x64

Sharing

General

Target

75f75ffb3f987ca0d9cdd37346a7abdfd09378e266c5f875d0392309b2bb4671
Size

543KB
Sample

220520-2x3nwsgbg3
MD5

47e22aa1a820ef75d271583c531fc07c
SHA1

38d0c7704050f588fc50fbb2e891e0df17a791f3
SHA256

75f75ffb3f987ca0d9cdd37346a7abdfd09378e266c5f875d0392309b2bb4671
SHA512

ee1cc0b5505f56b141d810eab3e2751fe8b3dc963ddb61c63a039d28423ff07601759386a6d00cdc01c2b0d438abdc8c2038c7c7588e68ab35a73246c3aa70dc

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

MV TBN - PORT INQUIRY FOR LOADING DAP IN BULK_pdf.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MV TBN - PORT INQUIRY FOR LOADING DAP IN BULK_pdf.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
Godisgood101

Targets

- Target
  
  MV TBN - PORT INQUIRY FOR LOADING DAP IN BULK_pdf.exe
- Size
  
  670KB
- MD5
  
  2179b80a71372fc6b7c8c4e014f9928f
- SHA1
  
  3cbf1652745da8c1ab9a77edd1c5230fd8a074ff
- SHA256
  
  e08fedcdcfc38684de2868ee177397876a60e28f6cbaf54f6eeb31c5280b0901
- SHA512
  
  20e48a490a77273f2f55f43540a2bcecbdd73f69e4f5bbd709861ae1aa2b94a8cfaf7b9053687a7e9583377f53d82416d2b933ff62389153ee99dd2468b932a5
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy