agenttesla | 86f16916ada3acf3c3558efeb3cfd58c49a95ab1e07ad01a923b3e56dd5a8a84 | Triage

Submit
Reports

Overview

overview

Static

static

USD SWIFT ...79.exe

windows7_x64

USD SWIFT ...79.exe

windows10-2004_x64

Sharing

General

Target

86f16916ada3acf3c3558efeb3cfd58c49a95ab1e07ad01a923b3e56dd5a8a84
Size

410KB
Sample

220520-2xhzgsgbe5
MD5

a0e3a9dfbcdfa9a02a0167ac100403a3
SHA1

83964fc414c868358a6f46ebfe8630c8804c4853
SHA256

86f16916ada3acf3c3558efeb3cfd58c49a95ab1e07ad01a923b3e56dd5a8a84
SHA512

3e4d7f950f08184557316038ee24a3026b5ada5924941da98d7624856b9d6973f831bb2410f2ce894ddf4e9ee23b92bcc4c3a776e88fe871a2bbfb2d3d9db0c4

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

USD SWIFT _679388 TT 190617_2019-NLCIV000003576_ES146009_30309679.exe

Resource

win7-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

USD SWIFT _679388 TT 190617_2019-NLCIV000003576_ES146009_30309679.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.connectus-trade.net/
Port:
21
Username:
[email protected]
Password:
o^Z0CIU?^yL2

Protocol: ftp
Host:
ftp://ftp.connectus-trade.net/
Port:
21
Username:
[email protected]
Password:
o^Z0CIU?^yL2

Targets

- Target
  
  USD SWIFT _679388 TT 190617_2019-NLCIV000003576_ES146009_30309679.exe
- Size
  
  465KB
- MD5
  
  5774b6feacc679debb8a1e1a203a3724
- SHA1
  
  c0ee5daf232641ac5ed1b340707e3f9acdac03e3
- SHA256
  
  b3dfc9fb1c0e38b8f1efb13d7ecf1e1d118ba2d9f465c246861eeb3f943e8626
- SHA512
  
  8c24898e6a45a428aa99e0e5f22079ab1abdf1d1f43bb1c6a4c2abc06af0206ffe3ab19daba53553d1ed3d29ddaa8ee891c813811c8d0415f066b995ea7971c6
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy